Corporate Security Starts From The Inside: Education
Threats today come in many forms. You can barely open a newspaper or turn on the news without hearing of yet another high-profile hack of this health organisation or that major retailer compromising real people’s private details and even banking information to the “New Underbelly”, with computers and Internet connections as weapons in place of guns. Businesses and even Governments are scrambling to catch up and gear up for the next terrorist battlefield – the digital one.
What has your organisation done in anticipation of the daily threats surrounding business today? What information have you provided to employees, not just around what type of websites they can visit, but specifically around typical IT threat situations they may encounter?
Do you have an IT threat disaster/emergency response plan?
What happens to your corporate data including customer details, credit card numbers, client data, vendor lists and sensitive communications in the event of a breach whether initiated from inside or outside?
DID YOU KNOW?
- As of 2006-2007, 14% of small businesses had experienced one or more computer security incidents. 1.4% of businesses had experienced 10 or more in the same two year period. That was nearly 10 years ago!
- 34% of infected corporate networks become so because an employee clicked a link in a phishing email.
- 62% of firms surveyed in 2014 said that even when they allocated budget to increase IT Security staff, they could not find sufficient bodies due to a skills shortfall
Security goes right to the heart of business continuity. Robert S Mueller, Director of the FBI, once said “There are only two types of companies – those that have been hacked, and those that will be”. Sadly this is probably true.
Before you spend a fortune employing your own anti-cyber warfare team, there are many things you can do to mitigate the real risk that security, or lack thereof, poses.
- Consider outsourcing managed security to a provider who takes the time to understand your business and the risks it faces. Your business has its own special set of requirements whatever its size or target market, and a generic “one-size-fits-all” volume service provider isn’t going to tailor security to fit your needs. Nothing fits better than a measured solution. Think of it like a good suit.
- While you’re at it, think about the rest of your business. Does it make sense to evaluate the way information currently flows within your business looking for leaky taps to see if it’s possible to address those issues as well? One of the most efficient ways to prevent human error is to remove it prior to their intervention. An externally supported Threat Management solution can include application level policies that both increase productivity (allow reading of Facebook anytime, but posting only between 12-1pm for example), but also go a long way to stopping external intrusions from getting in the front door. A top class service provider will even provide full monitoring and visibility into the off-site security to provide transparency and create an environment of “trust but verify” to ensure their service does what it says it will do.
- Most importantly, educate your staff. If you don’t have a response plan for IT security issues, get one now. It should include:
- Education about phishing attempts – what to look for to determine an email’s legitimacy
- Policies updated and circulated regularly about what is, and what is not, an appropriate use of company internet facilities, and the use of personal devices (mobile phones using company WiFi, laptops or USB memory sticks, 3G/4G wireless routers, etc.)
- Response plan in the event that a threat is determined – who to call both internally and externally, and other steps related to internal infrastructure or external facing websites and servers if appropriate
The Australian Government has developed the Smart Online website which also contains information for consumers, families with children and small business on basic practices related to online security. The small business section can be found HERE.