According to the popular internet security blog Hackmageddon, the U.S. leads the world in the number of daily cyber-attacks. In fact, cyber-crime is the motivation behind almost 70 percent of the attacks. Anyone who watches the news will see that both small businesses and major companies are continually victimized by the theft of sensitive customer and financial data. The good news is that there are proven ways to defend your business from potential hackers and cyber-attacks.
Hackers can begin their cyber-attack the old-fashioned way – by stealing company equipment. A laptop carelessly left out is an easy target for a cyber-criminal. Building security is just as important as cyber-security. A security system with cameras is only the first step. Visitors and non-employees must not be allowed in areas where employees deal with sensitive client or company data and information. Only IT or management should have keys to server rooms. Consider physically securing laptops or desktops to desks with Kensington® locks.
Upper management often struggles to understand Information Technology (IT) and why it’s important to continually update both software and hardware. As a result, they may disregard the IT Manager’s budget requests for “another update.” New malware, Trojans and viruses are created every day. In response, software companies continually provide new updates, bug fixes and security patches that address these specific attacks. Keep in mind that the company’s IT professionals must receive continuous education to keep up with IT changes. Consider encouraging your IT professionals to formally continue their education. A Master’s Degree in Information Assurance is an excellent investment for both the employee and the company.
Every business should have a firm security policy that establishes clear guidelines and sets expectations for employees. Every security policy should include a password policy, a screen lockout policy and a privacy pledge for employees to safeguard data. Every employee must understand the consequences of “social engineering,” which refers to a psychologically manipulative technique that hackers use to gain IT information. For example, a phishing attack is an official-looking fraudulent email that warns of consequences unless the user clicks on a link, which will result in information being stolen. In addition, there should be strict guidelines for email, internet, social media and cell phone usage. Finally, there must be guidelines for reporting security breaches or problems. Management must hold employees accountable and apply discipline when necessary.
In conclusion, companies can maintain security through physical security, continuous updates and enforcement of a firm security policy.