Cyber security is an area every business should be concerned about. Unfortunately, the number of companies with a plan to address this threat are woefully inadequate. Do companies not recognise the seriousness? Are companies taking the approach that it won’t happen to them? It’s a bit of all of these.
The biggest problem is most companies believe their limited protection will save them. This isn’t a strategy, it’s a formula for disaster. How to eat this elephant, one bite at a time. First start with a policy. A policy won’t protect you, but it will put teeth behind your recognition of the seriousness of the problem. What to do if a computer is infected, what to do if a suspicious email comes in, who are the point (s) of contact? This is the basis needed to start your plan, says Joseph Zulick a writer and manager at MRO Electric and Supply.
Some people think only big companies need to address the hazard, not so. Many of these risks are just broad risks that infect and are past on like the common cold. Identify the hazards. Phishing, Ransomware, Malware, Bots, spam, pop ups, etc. Education of your employees is the next step. Everyone should be trained to recognise and assess the hazards.
Much like a fire drill, you need to make sure everyone understands what to do. It’s even necessary to do a risk assessment that incorporates sending bogus emails that look suspicious to determine where the employees are on their awareness and then a reassessment periodically to make sure personnel are not being lulled into a false security.
It typically only takes one person to open a fraudulent email to create a problem inside your protective cocoon of any firewall protection you have. This is also why in these hazardous days most IT professionals are Leary of the Internet of Things (IoT). IoT can be risky if not done properly. Software that protects and keeps up with the latest risks is a must. The worst thing you can do is believe you’re impervious to these malicious attacks. Don’t bury your head in the sand and think that you won’t have it happen.
I know many people have the belief that they don’t want IoT because it opens up a hole in your system. The top systems address this hazard using compilers that really don’t have any direct data or expose the key elements to the outside systems. Nothing is perfect, so addressing the risks as they come up is important. Remember the day you could use a passcode 1,2,3,4 and felt fairly safe? Now most systems require a sophisticated password, partially because of the faster processors used to have the system. Many are going to the 2 part system requiring a confirmation from a trusted device or contact. Others are locking you out after 2-5 failures.
More systems use a reverse code to prove to you that you are on their actual site. Sometimes these will be a certain picture and a certain word so you know you are on the correct site. This is due to bogus emails with duplicate sites that look, feel and mimic the real site to get you to expose your info.
Awareness needs to be addressed since it can be the most effective safety for social piranhas who attempt to gain information through social interaction. Unfortunately the younger generation is far more likely to feel comfortable interacting online and sharing details that can be exploited later.
Identity theft we hear of is mainly in the financial pages but criminals use this data far more extensively to gain info used from drivers licenses, medical coverage, and just simple aliases that can be used to gain access in companies and services. Information is power and making employees aware of how information is used in criminal manners. The bigger the company the more risk but don’t take this to mean criminals don’t see a benefit in an easy mark.
Small companies have limited resources and many times don’t perform necessary safety updates that are important company wide. This makes them an easy target for even low level hackers. Outdated software is a significant risk. Patches that look for malware, or scams are outdated. This causes an open portal with continuous monitoring. Iot must keep pace in this area. It can feel like you’ve done everything and in a few days without critical security updates it can all go away. You have to also be aware of third party cybersecurity. If companies who do your billing or perform outsourced tasks this can be the weakness despite your best efforts. How many of us have received a notification of a data breach?
The author is Joseph Zulick, writer and manager at MRO Electric and Supply.