You’ve spent loads of money buying top-end security hardware. You make people use complex passwords and smart cards to access the network. You put cement barricades around your office, have armed security guards with machine guns and hired the smartest information technology guy on the planet to monitor your systems. You sit back drinking your favorite beverage and think, “All is great, all is secure.”
Well, take your feet off the desk and swallow that drink, because you’re wrong – very wrong.
Hole truthThere are thousands of potential security holes in any business, at any given time. In the world of IT security, these are called attack vectors. An attack vector is the multitude of places where a security attack could come from.
The biggest security hole is something you pay for every single day. It’s something you almost always must have in order to make your business successful. It was the cause of the Target Corp. (NYSE: TGT) and the Neiman Marcus security breaches; in fact, it can be attributed to most breaches in the world. That hole, that thing, isn’t really a thing at all – it’s a who.
It’s not some hacker sitting in a dark basement in Yugoslavia. The biggest security hole is the people in your own company. It could be the person in the office next to you. It could be your assistant’s kid, It could be the HVAC technician or another vendor who works with your company. People are the primary security risk to every business on the planet.
The human factorI’m not suggesting people are stupid. They are just not generally IT security experts who understand all the risks.
Years ago, I was in a new client’s office and had to call back to my office to discuss a problem about something that was going on with this client. I was standing behind a manager in the company while on my cellphone having this conversation. Through the corner of my eye, I saw an email come in to this person’s email client.
The world suddenly slowed down. I squinted to determine if it was what I thought it was and his mouse started moving toward the email, I tried to reach behind the manager and stop him, while simultaneously saying, “No, no, no, nooooo.”
Then he clicked it.
The email was a virus I knew about. Literally right before my eyes, I watched every computer in the office become infected within the span of 10 seconds. It was like in the movies when a hacker breaks into a system. Everyone’s computers started making noises, everything crashed, and people were looking around at each other. It was a nightmare that took thousands of dollars and many hours to fix.
Employees have important knowledge and skills that make them valuable to a company. They are considered an asset by most. They keep the wheels of business in motion. Suzie in accounting might be an accounts payable ninja and John in sales might be able to sell ice to an Eskimo, but both of them could cost your company thousands, if not millions, of dollars, and frankly could put you out of business.
Closing the gapPreventing the plethora of people-related security holes in any company is a full-time job, but let me list some basics to help assess your own security risk:
• Perform background checks on your employees.
• Train employees on proper use of passwords, systems, social engineering and policies.
• Use business class hardware and have an expert configure them properly.
• Lock down rogue applications to prevent data leakage.
• Ensure remote access is secure and encrypted.
• Secure mobile phones and tablets properly.
• Hire experts that monitor your system 24-7 for security and performance problems.
This is a basic list, but the first two items alone can make a huge impact. Becoming educated and in educating your employees, you become empowered to take on many security risks. It might not feel as cool as having armed security guards with machine guns, but you will prevent something as simple as a mouse click from costing you your business.
Todd Nielson is chief strategy officer for JMark Business Solutions Inc. He can be reached at tnielsen@Jmark.com.[[In-content Ad]]
