7 Decisions to Protect Your Bottom Line
In today’s fast-paced work environment, leaders have to stay focused on the direction of their business, but also be aware of “game-changing” security issues that can occur. While professional advice and management is recommended, leaders should be aware of what to look for and what questions to ask.
The following are 7 common security measures that you should be aware of to minimize the risks that can impact your business in both obvious and covert ways.
1. Implement Proper Web Security
As email protection greatly improves, attackers have moved to social media and legitimate websites to target users. Tricking users with fake virus warnings or utilizing “drive-by” virus infection techniques on websites that infect computers in the background without requiring any interaction from the user are more and more common.
This new generation of threat has underlined the need to implement web-filtering technology that not only blocks access to specific websites or content, but actively filters web traffic from viruses and other malware before they are downloaded to workstations. This significantly reduces the threat of users unintentionally downloading viruses or disclosing sensitive company information.
2. Control Mobile Devices
Security threats from increased use of smart phones, tablets and other mobile devices will continue to rise as the devices become more powerful and numerous. Mobile devices today have considerable storage capacity, and are smaller and more portable. Unfortunately, they are very easy to lose, misplace, conceal or have stolen.
Implementing technology that can secure, backup and remotely control devices if lost is only half the battle – management must drive responsible mobile device usage through policy enforcement and user awareness training.Any mobile devices that access sensitive company information should be treated like any other endpoint device – managed, protected and subject to the same internal security policies.
3. Realize that Smaller Businesses Make Easy Targets
It’s not just the big guys! While many small and medium-sized businesses do not consider their networks at risk of random or targeted internet based attacks, the reality is that industries in Western Canada are amongst the biggest in the world, and strong economies equal large dollar targets for attack. As well, attack software’s sweep IP addresses and randomly attacks any site that lets them!Recent attacks where Alberta-based energy companies were targeted have highlighted the need for smaller businesses to properly invest sufficient time and resources to protect their IT infrastructure and sensitive information.
It is important to be aware of the potential risks your organization faces and ensure you have taken the appropriate steps to protect the Confidentiality, Integrity, and Availability (CIA) of your data and network. Too much protection could be a waste, but understanding the ‘right’ amount is the key. It’s best to contact a professional for advice.
4. Antivirus Must Be Updated
There were more than 286 million unique instances of malware in 2010, posing a significant challenge to traditional, signature-based antivirus products.
Businesses need to implement endpoint protection solutions that don’t rely on static updates of virus signatures to protect their network. Instead, leveraging the latest generation of antivirus products that implement enhanced heuristic controls to analyze an application’s reputation and prevent suspicious actions.
5. Patch Smarter, Not Harder
Third-party programs such as Flash, Java and Adobe Reader are responsible for 69% of the vulnerabilities on a typical server or workstation.
With the number of patches released weekly, businesses should utilize patch management software that can not only automate deploying third party patches, but prioritize patching according to real work risks and vulnerabilities.
6. Security Compliance – Know What is Expected of You?
Most industries have security standards that must be adhered to, and those that don’t are still governed by government-guided privacy standards. Examples include Payment Card Industry security standards for any company that accepts credit cards and PIPEDA for the protection of personal information and electronic documents.Protecting your data starts with identifying and properly classifying sensitive information. As well, we must all understand what standards we are to use to ensure we are applying the correct amount of protection. Once the ramifications of information being leaked, copied, lost or having the integrity compromised is understood, you can begin to implement controls to more effectively protect that data through Data Loss Prevention and encryption solutions.
7. Security is Everyone’s Responsibility – Not Just Your Security Expert’s!
Effective security starts with your users, as they are often the weakest link in any business’ security strategy. While management is accountable for security, embedding security into your company’s culture can make security everyone’s responsibility. Don’t let security become an afterthought; make it clear what is expected of users and the risks of neglectful actions.Easy to guess passwords, un-secure technology implementations in the name of convenience, and dumping data to USB drives or to the personal email accounts for access from home or use on the road, are all too common risks that employees introduce into your business. Consider how you are educating users on safe internet browsing and how to recognize social engineering attacks.