Why spending money on advanced cyber security software, hardware and third party specialists can still fail you!

In today's world, as a business, it may seem that you are under constant threat of being attacked, or worse - constantly being attacked.

Cyber threats come in several forms, from countries looking to engage in espionage, to cyber criminals looking to steal valuable information to use and exploit, and even 'issue motivated' groups looking to steal or cause disruption.

Cyber criminals continue to find new methods of getting what they want. The more money you spend on upgrading your systems, the more time they will spend finding new ways in.

That being said, even if you do spend money and continually upgrade your security, who is to say that will eliminate probably the biggest risk that every small, medium or large business will have? A threat that isn't listed above…

What is that risk you ask?

The simple answer is: your people! Your employees are probably the largest risk to your organisation. Whether through malice or by accident, they can cause you more problems than you think.

You trust your employees, that's why you hired them, right? But what if that employee who has been with you for 10 years is having a bad time in their life away from work and they need extra money? What if that employee is good at their job but is a little unaware of newer technology, or even the full company policy? These are only a couple of things that could be a reality. These realities could cause your company's security to fall, and I have seen organisations in the past disappear within weeks because of it. There was no way to recover after a large data loss, and the financial implications that went with it for some of them, which is a real shame, as it could have been different with a little bit of thought and pre-planning.

An employee may use data for their own gain, or they may be persuaded by somebody outside your organisation to extract or manipulate the data. That's scary, isn't it? It's called Social Engineering, and the employee may not even know that they are doing it. The 'Social Engineer' could well be acting as an employee of an organisation you deal with, or even pretending to be an employee of your company (if it is a large organisation). Social Engineering is an interesting topic and I won't go into it too much now. You just need to understand that although you think your employees are trustworthy, and they may well be, there are methods of manipulating them to get around that. Fortunately, there are things you can do to reduce the chances of a breach.

It's important for you to understand the basics of the 'employee risk' in order for you to be able to monitor and counter any attack. Below are some simple questions that you should ask yourself about your business, and if you don't know…you should find out quickly.

  1. Do you know what valuable data your organisation has? This may be data that doesn't seem particularly valuable to you, but may be valuable if it were in the hands of a cyber criminal. A simple way to answer this is to think about what data would cause you real pain if you were to lose it. Once you know what data this is, you should create a list of all of that data and keep it secure, ideally on paper somewhere away from the company's data storage, for obvious reasons. I don't usually recommend it these days, but good ol' pen and paper here could save you a lot of problems down the line. And don't just create the list and put it away: keep it updated when you have new types of data!
  2. Do you know who has access to that data? Who has administrative rights to the data? And I guess one of the largest questions you have to ask once you know these answers is: do ALL of the people that have access actually need access to the data, and do they need administrative access? Limiting data access to only what is needed for their job will begin to reduce your risks. Look at it like this: would you let just anyone have access to a set of keys for your home or vehicle? You must closely monitor data access requirements and adjust accordingly.
  3. Do you know where your valuable data is? You may use local databases or spreadsheets, or you may use cloud hosted CRM systems, or do you process customer data through your website?…where is your website hosted? Where in the world is it hosted? Is it stored within your organisation or with a third party? Some countries have fewer restrictions on data access, and some third parties write into their terms that you agree they are able to scan your data for information and use it for themselves…bet you didn't know that? Cloud storage services are currently the worst for this.
  4. Who protects your data? Knowing who is protecting your data seems like an obvious thing, but 75% of business owners don't actually have anybody protecting their data. They just create the data and use it; nobody looks after it and prevents unauthorised access. If someone is protecting the data, where are they?
  5. How well is your data protected? Once you know who is protecting your data, find out exactly how well the data is actually being protected. Is it monitored 24/7? When are they available? What protection is actually in place, and is the data being adequately protected, or is there a better organisation or person that could protect it? Make sure you know exactly what is being offered, and be difficult. A good online security specialist will explain everything in detail. If they are unwilling to explain, or are evasive…go somewhere else! It is your data that is at risk if it is not protected adequately, not theirs. You will be the one who receives the fine, and potentially loses your business.

Once you have answered these questions, you can sit comfortably knowing that you have done everything you can to protect your organisation and manage your data. You may still have breaches, but at least you know you have covered every angle.

If you need advice about cyber security, protecting your data, or would just like a general chat about cyber security and employee risk, please don't hesitate to contact me. I would be more than willing to assist where I can.


All Content Copyright © 2017, Nick Seal. All rights reserved.