Protecting Against Inside and Outside Threats
A list of basics for small enterprises to defend against insider threats, employee ignorance, and outside attacks.
With a new or small business, taking steps to be safe from online crime should be an important part of your company’s daily routine.
While you don’t want to operate from a position of fear, a healthy respect for security with your technology and the internet is vital. Hackers really are out there, looking for vulnerabilities. Have you established security routines for all of your staff? Once you or your IT group develop a plan, debug your system, and train staff on security, you’re part way there.
What you cannot train staff for is being human. People are compulsive. They’re naturally curious. Maybe there was an odd screen on the monitor asking for new security questions to be completed and a password changed. The staffer complied without asking your IT person or manager if that was something they generated. The request was there, it looked legitimate, so they complied.
Suddenly, your company data is vulnerable. You might be a victim of malware or ransomware. The hackers might hold your data hostage until you pay them.
Being Secure From the Inside and Out
While online crime is a major threat, with hacking incidents reported regularly, also consider the companies you have regular contact with.
An example: A hospital had a point of vulnerability they never considered — the hospital cafeteria’s credit card processor. Most people would not have considered that connection, which netted the hackers thousands of patients’, visitors’, and hospital employees’ data.
While small businesses may not have thousands of people at a credit card checkpoint, as the hospital did, the situation demonstrates that every organization can have a weak point in its data collection and security.
And don’t forget your in-house potential. Who do you trust? Consider employee computer usage. Through seemingly insignificant personal computer searches or social media interaction, an employee may have left your company’s data open to hacking.
Consider the following measures to increase your company’s computer and cybersecurity:
As part of your mandated daily employee routine, verify that employees use complex passwords, combined with numbers, that are not based on pet names, birthdays, anniversaries, addresses, or graduation dates. Each account should have a different password. Insist that employees do not share passwords with other employees.
Professional hackers have fun trying combinations until they access accounts. This can happen at even the most unlikely levels — the CEOs of companies you’d consider the most savvy have been hacked! Don’t make it easy!
Take Precautions Against Employee Sabotage
When individuals leave the company, be sure to take steps to change passwords and secure data. No matter what the situation, it’s best to keep everything secure from disgruntled employees.
Start before you even hire employees by checking credentials carefully. Especially for employees whose functions deal with money and accounting, have a trusted outside source audit the accounts if the company is missing funds.
Use the Proper Software to Protect Your Company Data
Choose and install highly-rated anti-malware, antivirus, firewalls, and anti-spam applications. If your company does not have a dedicated IT person, find a firm that has many recommendations and is noted for its expert knowledge in cybersecurity. Have them install the applications and train trusted employees to monitor the results.
Teach employees to secure their data so the routines become second nature. Employees who manage payroll and bank records should know if a process has been compromised. Keep new and established employees abreast of your current best practices by running regular security seminars. Show them what is expected with examples to make the situations real.
Make changes regularly to keep everyone on their toes. Update systems, programs, passwords, and security, but not in a way that makes the changes predictable. Store passwords in secure ways — and not in cell phone cases, handbags, and wallets.
If this sounds like paranoia out of a sci-fi film, it is not. Real damage can be done if these security steps are not taken seriously. Trust no one. A digital world exists where wily cybercriminals pride themselves on accessing data. Don’t make it easy for them.
Even without being corporate spies, employees inside your organization can unwittingly damage your security. Even more insidious are the employees who are bleeding their companies because they have figured out ways to scam them. Tighten up security. Don’t make scams tempting!