Security: Why doesn't it work?




Businesses spend thousands and thousands on security products, firewalls, antivirus software and consultants, and yet for some reason the bad guys still get in, viruses corrupt data and people are left standing around unable to work.

We hear of massive corporations, with budgets stretching into millions of dollars, being hacked into and breached. How are you supposed to protect yourself if the really big companies cannot?


We all remember the infamous "iCloud Leak", where photos of nude celebrities were leaked across the internet, and who can forget the controversy surrounding Seth Rogen's movie about assassinating a certain leader of a country?


If you don't have millions of dollars in budget, how do you stay safe?

The most common factor in many security breaches comes down to one thing: human error.

It is hard to account for, difficult to predict and almost impossible to budget against. When you are a 5-man office it is pretty easy to keep people accountable and managed; when you have a global workforce 5000 strong, it gets much harder.

A major way of preventing security breaches is to provide effective training and management of your teams. Here is a list of common scenarios where security breaches can take place.

  • Someone finds a USB stick in the car park outside and plugs it into their computer, curious to see who it belongs to.
    Unfortunately, the USB stick was filled with software to take control of the PC. The network has now been breached.
  • A member of staff is putting together a PowerPoint or brochure for a new project and finds a website allowing free fonts to be downloaded.
    Tricked again. The free fonts website actually contains booby-trapped viruses, and one of them happens to be CryptoLocker. The entire business is down for 4 hours.
  • An email is received from a known customer, who has attached his purchase order in a zip folder.
    It turns out the customer's email was falsified and the zip attachment contains a virus.

Each of these 3 scenarios, and hundreds more like them, is easy to prevent, yet they rely on members of your team being vigilant for threats.

Heard it all before?


Chances are you will have heard all this before; in some cases you might have been made to sit through an unexciting training session. Unfortunately, as some of the largest companies in the world are finding out, there is no room for complacency when it comes to security.

This is not a problem for the IT guy in the back office, the VP of technology or the COO. This is a problem that affects everyone in the company, and it needs involvement from everyone in the organisation, otherwise you will be breached. It is not a question of "if" but "when".

Companies normally delay investigating how they can get better at security until they have a breach, gambling their hard-earned reputation and the trust of their clients.


How you invest in your security depends on your circumstances and what you are trying to keep safe. I will not try to tell you what the best way is, but no matter how you choose to prioritise, don't forget about the human component. You can buy the fanciest firewall with all the features ever conceived, but it still leaves you vulnerable in other areas.

