Companies spend thousands and thousands of dollars every year trying to protect their networks and secure their precious data. They deploy firewalls, antivirus, group policy, on site security, and any number of other things all in an effort to protect their company from an embarrassing and costly hack or data breach. So why is it that every few months we see this in the news?
Another company has been breached 10 million users were affected. The leaked data included names, emails, and home addresses.
The truth is that no matter how much time and money a company puts into it’s security there is one weakness that will always be there. The people employed in the company. Every couple years or so there is a stunningly brilliant piece of hacking that results in a major data breach or a sometimes hilariously defaced website. The majority of these so called hacks however, are simply someone in the company doing something they shouldn’t have done. They left a door unlocked, charged their cell phone on a company computer, or clicked on a suspicious link. Human error is the number one cause of these infamous hacks.
So what can you do? Is your company doomed to eventually suffer an inevitable breach? Is your company destined to wear the scarlet letter of the tech industry? Well yes and no. Yes if you are a big enough company for attackers to target. No one ever hears of their local pet supply shop having a data breach because what are attackers going to steal? The current number of purina dog chow bags on hand? Instead attackers would be likely to attack the company the pet shop uses to process credit cards and score all of that juicy data that goes for thousands of dollars on the dark web.
Kidding aside if your company stores a large amount of customer data or anything you wouldn’t want to leak to the entire world there are some things you can do to help shore up this weakness of human error.
1. Train and Educate
Train everyone in your company to recognize what suspicious emails look like. Teach them to inspect the link before clicking and make sure it comes from a valid source. We live in a age where we have technology that can kill most spam and most phishing attacks before they ever reach an end user, but as good as they are they aren’t perfect and someone somewhere is going to get a phishing email. If people are educated and properly trained they will flag it, delete it, or ignore it and a disaster is avoided. If no one is trained then there goes your security. You now have a hole. Premier One offers security training and tools to simulate real life attacks so when the real thing happens everyone is equipped and ready to handle it.
2. Test Your Physical Security
One of the fastest ways for attackers to steal your precious data is to have physical access to it. They do this by physically entering your company’s location and injecting an exploit locally. This happens a lot in the mid-west where the standard mid-westerner holds the door open for everyone letting people just walk right into the building. Other attacks include fake badges to get in the front door or fake package delivery and so on and so forth anything to gain physical access. Because the truth is people are probably not going to confront someone in the building unless that person is super obvious. So test this weakness hire a friend to come try and get in your building undetected or talk to Premier One and allow us to analyze your security and see what weaknesses you have.
3. Instill a Culture of Security
Integrate a culture of security into your company. Begin analyzing how the changes and moves you make everyday could impact the security and well being of the company. Encourage everyone to look for security vulnerabilities and offer incentives for those that find them. Instill a sense of pride that your company is breach free. You can stand aloof from the peasant companies below wallowing in their sea of broken trust.
It’s true no company is ever going to be 100 percent secure, even if they are all paper completely off the grid. We now have the ability to carry a high resolution scanner into almost any building or location we go. (Yes the modern cellphone.) That doesn’t mean that companies should give up and just wait for the inevitable. 99 percent secure is still a good number to shoot for and something you should be proud of.