Security was one of the top buzzwords for 2017. From ransomware attacks to data leaks, it’s apparent hackers are out there working hard — and consumers are starting to feel far more skeptical of our data management.
Network and server administrators have to be on their game day in, day out, while criminals just have to find one tiny crack to exploit. Once they do, the lawsuits and expenses to fix the problem could put a medium or small company out of business.
According to Gartner, an IT research firm, 30 percent of Global 2000 companies will have been directly compromised by cybercriminals by 2020. Some large companies are going as far as hiring a Chief Information Security Officer (CISO) to combat this unrelenting enemy.
No matter your company’s size, there is a lot of IT infrastructure to monitor. The very idea of keeping it all secure is daunting. But many cyber attacks exploit unnoticed security vulnerabilities. Yahoo! has been struck twice, and both times lax security procedures were partly to blame. But there are steps you can (and must) take to stay ahead of the hackers.
Assess Your Infrastructure
Call it an assessment or an audit or a checkup. When was the last time you took stock of your resources and your risks? What about your security measures? Make it a goal to examine every aspect of IT:
- Make a list of all the data you could lose in an attack and put them in order of importance. Think like a hacker: what would someone want to steal? If they did, how would they do so?
- Make a list of the programs that are run on all your assets.
- Make sure you have a list of all hardware, including serial numbers and model numbers.
- WiFi is often a weak link. Check to see if yours is vulnerable to a KRACK attack.
- Note which devices are connected to the network and when.
- Do employees bring their own devices to work? If so, consider those as well. Are they using public email services (Gmail, Yahoo) in addition to the email programs you have installed?
- What about team members who travel or are in the field? What devices do they have with them and what can they connect to that might be detrimental if lost?
- Create a schedule for updating hardware and software, if you don’t already have one. You might have the software in place, but new releases and updates are what keep it secure.
- Angry employees, contractors, or vendors have been known to cause problems. List those who have access to sensitive information and have a plan ready in case one of them exploits that access.
Preventing Human Errors
No human is perfect, and no matter how much you educate your team about phishing scams and secure passwords, someone is going to make a mistake. After all, scammers are always trying to look and sound more real. Some are even spoofing email addresses so that a message appears to come from someone within your company. Your employees may assume the right protections are in place so that if an email does arrive, it must be legitimate. But human errors are the primary cause of most business cybersecurity attacks. Prevent these problems by:
- Reinforcing education. You can’t just have the IT talk with everyone once. Schedule regular training about phishing, malware, and more. Make these mandatory.
- Installing web filtering to block websites known to be malicious. (Browsers can’t protect from all of these.)
- Requiring regular password changes. Just telling your team to change their passwords and make them strong isn’t enough. Make it mandatory. Either put it on the calendar or set up programs so that employees have no choice.
- Creating security procedures and following through. Some cyber attacks occur when someone pretending to be an employee asks a “coworker” to help them out. Their urgent problem requires access to networks. Prevent this type of social engineering attack by putting procedures in place and enforcing them.
Along those lines, make sure team members know to lock away papers and not to leave documents in the printer or scanner. A pile of documents with your entire team’s Social Security numbers on it could pose just as much of a problem as the list in Excel.