[BreachExchange] Protecting Against Inside and Outside Threats

Audrey McNeil audrey at riskbasedsecurity.com
Thu Feb 2 17:18:48 EST 2017


https://dzone.com/articles/how-a-small-business-can-protect-itself-from-cyber

With a new or small business, taking steps to be safe from online crime
should be an important part of your company’s daily routine.

While you don’t want to operate from a position of fear, a healthy respect
for security with your technology and the internet is vital. Hackers really
are out there, looking for vulnerabilities. Have you established security
routines for all of your staff? Once you or your IT group develop a plan,
debug your system, and train staff on security, you’re part way there.

What you cannot train staff for is being human. People are compulsive.
They’re naturally curious. Maybe there was an odd screen on the monitor
asking for new security questions to be completed and a password changed.
The staffer complied without asking your IT person or manager if that was
something they generated. The request was there, it looked legitimate, so
they complied.

Suddenly, your company data is vulnerable. You might be a victim of malware
or ransomware. The hackers might hold your data hostage until you pay them.

Being Secure From the Inside and Out

While online crime is a major threat, with hacking incidents reported
regularly, also consider the companies you regularly have contact with online.

An example: A hospital had a point of vulnerability they never considered —
the hospital cafeteria’s credit card processor. Most people would not have
considered that connection, which netted the hackers thousands of
patients’, visitors’, and hospital employees’ data.

While small businesses may not have thousands of people at a credit card
checkpoint, as the hospital did, the situation demonstrates that every
organization can have a weak point in their data collection and security.

And don’t forget your in-house potential. Who do you trust? Consider
employee computer usage. Through seemingly insignificant personal computer
searches or social media interactions, an employee may have left your
company’s data open to hacking.

Consider the following measures to increase your company’s computer and
cybersecurity:

Start Small

As part of your mandated daily employee routine, verify that employees use
complex passwords in combination with numbers that are not based on pet
names, birthdays, anniversaries, addresses, or graduation dates. Each
account should have a different password. Insist employees not share
passwords with other employees.

Professional hackers have fun trying combinations until they access
accounts. This can happen at even the most unlikely levels — the CEOs of
companies you’d consider the most savvy have been hacked! Don’t make it
easy!

Take Precautions Against Employee Sabotage

When individuals leave the company, be sure to take steps to change
passwords and secure data. No matter what the situation, it’s best to keep
everything secure from disgruntled employees.

Start before you even hire employees by checking credentials carefully.
Especially for employees who have functions dealing with money and
accounting, have a trusted outside source audit the accounts if the company
is missing funds.

Use the Proper Software to Protect Your Company Data

Choose highly rated anti-malware, antivirus, firewall, and anti-spam
applications and install them. If your company does not have a dedicated IT
person, find a firm that has many recommendations and is noted for its
expert knowledge in cybersecurity. Have them install the applications and
train trusted employees to monitor the results.

Train Employees

Teach employees to secure their data so the routines become second nature.
Employees who manage payroll and bank records should know if a process has
been compromised. Keep new and established employees abreast of your
current best practices by running regular security seminars. Show them what
is expected with examples to make the situations real.

Make changes regularly to keep everyone on their toes. Update systems,
programs, passwords and security, but not so the changes are predictable.
Store passwords in secure ways — and not in cell phone cases, handbags, and
wallets.

If this sounds like paranoia out of a sci-fi film, it is not. Real damage
can be done if these security steps are not taken seriously. Trust no one.
A digital world exists where wily cybercriminals pride themselves on
accessing data. Don’t make it easy for them.

Inside your organization, without being corporate spies, employees can
unwittingly be damaging your security. And, even more insidious are the
employees who are bleeding their companies because they have figured ways
to scam. Tighten up security. Don’t make scams tempting!