Security is everyone’s business. If you think security is all network related, then think again. While companies (even information technology (IT) managers) often throw more money at IT investments when security breaches arise, many security breaches are actually people-related issues that can be easily managed, if not prevented.
There’s no denying that the hackers’ playing field has broadened globally through the recent explosion of mobile devices, such as laptops, smart phones and tablets. Data has never been as easily accessible or as widely available as it is today. As these devices become more powerful, they can hold much more information than ever before. Add to that our tendency to carry both business and personal information on the same device and your risk becomes even greater.
However, you don’t have to sacrifice the convenience of technology for safety.
You can save your company, your clients and your family time and money by becoming aware of the threats and vulnerabilities, by learning the countermeasures you can take to mitigate the risk of being attacked, and by securing your assets and sensitive data.
Examples of sensitive data include:
- Employees’ personal data
- Operational Plans
- Trade secrets
- Business Intelligence
- Marketing Plans
- Product Information
- Business Plans
1. Watch your apps – while some companies, such as Apple, have strict standards for the types of applications made available online for iPods/iPads, most tablets use Android technology, which is wide open to developers and millions of free applications that may be infected.
- Do some due diligence and resist the temptation to download applications from unknown or disreputable companies.
- Read reviews from other users who have downloaded applications.
- Avoid downloading applications from companies asking for private data or notifying you that a third-party application is requesting private information.
- Even if an application is made available on a reputable site, the application itself may not be safe.
2. Safeguard servers in a secure location – physically lock the area where your assets are located and limit who can access it.
3. Develop and enforce technology policies – there are many resources that provide guidance on the treatment of company information and assets. Make these policies a priority!
4. Use security monitoring services – an ounce of prevention: your safest bet is to hire a third party to act as your burglar alarm. People are your greatest asset and they are much smarter and more intuitive than systems or software at detecting potential threats.
5. Keep a close eye on your assets – when you travel, be sure to secure your laptop or other mobile device. If your equipment is misplaced, lost or stolen, you may be disclosing information about your company and its customer base. Under federal law, your company would have to notify potentially millions of people whose data was compromised and this is an easy and costly mistake.
6. Use a VPN – if you have access to a VPN (virtual private network), use it. A VPN provides secure access to the network and allows you to get online behind a secure layer that helps protect your information. You should also avoid unencrypted public wireless networks, such as Wi-Fi networks where no authentication or password is needed to log in. Not only can you log in, but so can the bad guys.
Even encrypted networks (those that require an ID or password for access), such as WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access), have risks, and it’s possible for hackers to gain access. Be cautious about how you use these networks. In addition, turn off Wi-Fi when you’re not using it. This will prevent you from automatically connecting to networks (and will extend your device’s battery life).
7. Employ strong passwords or devices – try using a combination of letters, numbers and/or special characters that is eight or more characters long.
Create acronyms for things you’ll remember, such as your favorite foods, songs and other items only you would know. Change your passwords frequently. Also, don’t write your passwords down. Instead, use a device, such as a password keeper, to store important passwords.
8. Educate your staff – hold regular meetings to make employees aware of your policies, threats and the consequences of enabling a breach. Most employees are not even aware of the potential impact this may have on a business and on the bottom line. Security can be as easy as not clicking on a link or opening an attachment in an e-mail.
9. Make sure software is up-to-date – nearly every release of software patches a number of security vulnerabilities that are out there. Check regularly to see if an update is available. If there’s a new one, download it, unless there are negative reviews from early adopters.
10. Look beyond the obvious – consider investing in new tactics, such as social engineering services (also referred to as people hacking), to test your staff for potential security breaches.
Treat the Situation like a Crime Scene
What do you do if you’ve been or suspect you’ve been hacked?
- Immediately secure the area and disconnect your system to prevent further hacking. This will enable you to isolate the issue as well.
- Don’t disturb the “crime scene.” Leave everything as is until an investigation can be ordered.
- Dig up and document details about the breach, such as time, date, possible cause, etc. If your case goes to court, it’s important that you have as much evidence as possible.
- Interview employees, such as systems administrators, who may be involved in causing or detecting the breach.
- Call in a forensics team! Contact a third-party vendor immediately to investigate the cause and provide prescriptive guidance on how to fix it. They will also suggest ways to prevent it from happening again.