News of security breaches and corporate hacks has gone from internet forums to the front page. The bigger the company, the more significant the effect on the global economy, the news cycle, and other large corporations.
While those events lead major news outlets, the threat is spreading to businesses of all sizes in every industry now.
That means the time is now to rethink and redesign your company’s security policies and practices.
“It’s a sad state of affairs that we even have to have these conversations, but this is the world we live in now,” says Intivix partner Rob Schenk. “Businesses are going to continue to be breached, and the severity of these breaches is going to increase in magnitude.”
Plus, these breaches are happening faster. Less than ten years ago, it would take a hacker about 28 days to build a program to exploit a system vulnerability (a way for a hacker to gain access to your network). Today it takes a hacker less than a week.
Here’s some more frightening information. In 2010, there were approximately 47.05M samples of malware out in the world. Five years later that number jumped to 470.01M. Last year, that number nearly doubled to 856.62M.
These cyber-criminals are working smarter and faster, and these security risks are becoming more expensive and more threatening to businesses. Indeed, it’s being reported that 60 percent of small businesses close within six months of an attack.
Last month we wrote about Building a Successful Partnership Between Business Leaders and IT Pros. While the focus in that article was on how these two entities can partner during digital transformation events, many of the same points are relevant when we discuss security.
Specifically, it’s helpful when a business leader looks at security as more than just an insurance policy that’s triggered when a breach occurs. Instead, proactively setting tighter security protocols helps a business grow because it removes that concern from the back of a manager or owner’s mind and it offers an excellent opportunity for enterprise longevity (see note above about percentage of businesses that close after a hack).
Likewise, those of us on the IT side need to understand better that business leaders cannot tolerate massive roadblocks to growing the bottom line. So, we need to be part of the business solution rather than slowing the process down.
The first step in improving a business’s security is to audit its network, looking for weaknesses and vulnerabilities. Understanding what needs to be enhanced inspires a thoughtful security plan that is easy to introduce, implement, and maintain.
Next, we recommend Security Awareness Training for the entire company. During that training, we discuss things like avoiding a phishing attack, smart password management, and utilizing Two-Factor Authentication or Single Sign-On.
Walk around your office. How many sticky notes do you see hanging from computer monitors with passwords out in the open? How about under desk blotters or keyboards? We’re going to guess the answer is more than one.
Employees will often do this because they have too many passwords to remember at work. We often suggest using a password manager like LastPass or 1Password to help manage the growing number of required login credentials.
One of the other things we do during the Security Awareness Training is review password best practices. We go from the most basic — don’t use the same password on all websites — to more advanced password methodology, such as using a key phrase (“The-duck-flies-south-XXX,” for instance) and changing the XXX at every location.
While cyber-criminals are out looking for access to all types of networks, clearly financial accounts are their most popular targets.
As Intivix focuses more and more on security, we are recommending that companies activate either:
Two-Factor Authentication: when you attempt to log in to a website or account, a unique code is sent to your mobile phone that needs to be input before access is granted.
Single Sign-On: an authentication service that enables you to use one set of login credentials to access multiple websites or accounts.
IT pros and technology companies are not the only ones that know about security vulnerabilities. Hackers are tracking and probing Windows and Macintosh systems to find a way in to steal intellectual, financial, and personal information.
Therefore, it is crucial to keep your computers and networks up-to-date on an enterprise-wide level. An active patching and updating program will help lessen a hacker’s opportunity.
Each of these is vital to a company’s ongoing security activity, but one thing stands out above all others: start now. As the old saying goes, an ounce of prevention is worth a pound of cure.