Don't Forget, It's About Security
by Scott M. Lewis
It is 2017 and cybersecurity is still one of the hottest topics discussed at tradeshows and conferences. It still amazes me that, as connected and always-on as we want to be as a society, we do not spend more to protect the data that we are so willing to expose through online platforms. It is almost like we have given up and decided that, oh well, it’s out there and people are going to get it regardless of what we do to protect ourselves. According to Security Magazine’s July 2016 issue, only about 31% of small businesses take active measures to protect themselves against cybersecurity breaches. On top of that, only 22% are willing to improve security measures and spending over last year.
Small- and medium-sized businesses continue to be one of the largest business segments that cyber-attacks are focused on. This is primarily due to business owners’ lack of awareness of the threats they face, along with underestimating their exposure to cyber threats. It is estimated that in small- and medium-sized businesses, 75% of workstations are not protected or restricted to prevent unauthorized access. This is an amazing statistic, since local workstations are one of the primary access points to your network and data. Workstations are basically the front line to your business, and too many business owners still believe that traditional anti-virus and firewalls are sufficient to protect their businesses; think again.
Social media, we love it! Next time you are in a restaurant, look around. Families are paying to have dinner together, but there is not one conversation going on between them. They are all face down in their phones or mobile devices. Guess what: they are doing that at work too. So, what are the risks of social media or, better yet, how is social media being changed into social engineering, and how is that affecting your business?
We have to keep in mind this is not a technology problem; it is a human problem. The technology works, but humans make mistakes and those mistakes can be exploited. An example of social engineering in motion was in an article from SmartFile written by Curtis Peterson in March of 2016, where he outlined a phone call from a hacker to the FBI. The hacker called the FBI helpdesk, explained that he was a new employee and was having issues with the employee portal. The helpdesk asked if the hacker had a token code. The hacker responded no. The helpdesk said OK, use one of ours. Following a two-minute conversation, based on social engineering of human behavior, more than 20,000 FBI records and 9,000 Homeland Security records were released to the public. This is simply an example of how we need to recondition our employees to be less trusting, ask better questions and increase security awareness training.
The rules of engagement haven’t really changed over the years. It has always been that you have to take an active approach to security. It is no longer “set it up and forget it.” Your team has to proactively manage security, implement countermeasures and constantly be aware of new threats. Some basic things that you can do to help your employees and your business be more secure include:
Awareness Training. Again, the problem is not a technology problem; it is a human problem, and training your employees is key to an overall security strategy. If your employees don’t understand social engineering, current threats or how the newest scams can affect your business, then you are more likely to be a victim of hacking, ransomware, or stolen data.
Policies and Procedures. It is critically important that you have an idea of the electronic tools that your employees use to do their work. You have to understand those tools in order to write policies and procedures that protect your company or organization in the event that they are used inappropriately or, worse, illegally. I have always told our clients the policies and procedures you have are your legal teeth and protection. When you have teeth, you can decide how hard you want to bite if necessary. Without them you have no protection and no teeth, and you are simply accepting the outcome of others’ actions.
Keep Up to Date. As always, keeping operating systems, networks, firewalls, routers, and software applications up to date should be a priority. Most manufacturers and software companies spend a lot of effort to harden their hardware and software. However, if you are not up to date, then you are exposing your business and your data to known weaknesses, and those weaknesses can lead to breaches and data loss.
So what does the future look like for cyber security and cyber threats? You’ll see cybercrime become mainstream; organized crime will expand in the online world; and malware, including file-less malware, will continue to grow and cost companies millions to protect themselves. You will see further expansion of ransomware and CryptoLocker-style viruses as they become more and more intelligent. You’ll also see ransomware spread to cloud-based applications and big data warehouses as hackers further develop methods to attack areas of the cyber world that haven’t been exploited yet. You will also see further expansion in social media attacks and the use of malware that attacks mobile devices that have network access in order to go after corporate networks. As you evaluate your business, keep in mind there are countermeasures and protections that can help protect you. However, you have to take a proactive approach with a layered methodology to security that casts a wide net to stay ahead of new threats, and don’t forget it’s about security.
Scott Lewis is the president and CEO of Winning Technologies Group of Companies. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with large and small businesses to empower them to use technology to improve work processes, increase productivity and reduce costs. Scott has designed thousands of systems for large, medium and small companies. Winning Technologies’ goal is to work with companies on the selection, implementation, management and support of technology resources. Learn more about Winning Technologies at www.winningtech.com or call 877-379-8279.