If you understand security to be about protecting data, you’re only half right. True, protecting data is a top priority today. Businesses run on data, which includes documents and media, as well as electronic data. In this information age, if an organization fails to protect its data, it won’t be successful.
But that’s enough about data. We’re sure you’re already on top of data security. There are other aspects a security professional will tell you are equally important.
Security Starts with Individual Users
It is easy to see that every employee who uses, creates, and moves information is going to be critical in the protection process. If any one of these users fails to follow procedures, it could place your business information at risk.
Therefore, the disaster recovery professional must include every employee in the company in the security program.
One of the ways to involve employees in the program is to create a policy for the company to follow. Let users of web applications, servers, devices, etc. know what they can and cannot do with business information, portable media, mobile devices and company computers. Don’t forget the mobile devices used to collaborate, work on the fly, and correspond with colleagues.
You’ll want to rope in everyone in your company to become vigilant about suspicious things. For example, they should be able to catch and avoid a series of suspicious emails. You should alert them to the fact that sudden changes in their workstation performance can mean an attack via malware.
Don’t forget that the individual employee is the one in control of the USB flash drive and laptop computer containing sensitive business information. You must protect this front by training staff and re-educating them about how they can be wary. Your company security is not in your hands alone. Every employee is responsible for the way they use their devices. You may have to provide a little training on how they should handle their laptops, mobile devices, and media.
Be Wary of Every New Tool, Program, Project, and Technology
Always be extra cautious and extra sensitive to new ideas and tools. Since they are new, attacks through them are likely to be more subtle and sudden. For instance, recent waves of malware attacks have used social engineering via social media. Social engineering involves convincing victims to part with sensitive information like their credit card number. Cyber criminals then use this information in the guise of helping, to extract more information such as passwords.
Clickjacking is another method, one that tricks people into clicking on unexpected links on websites. Hackers also set up fake open WiFi hotspots near coffee shop hotspots to lure us with the promise of free data.
A hacker could even use LinkedIn for social engineering. He could use the information there to draw up links between people in an organization, organizational charts, etc. and derive information that he can use for espionage, identity theft, etc.
To stay safe from such attacks, you and every employee must be extra cautious with every tool, idea, technology, etc. and look for ways in which someone could steal data or abuse the new tools or ideas. When you’ve found these loopholes, you should find methods to protect against these vulnerabilities.
Convenience is Not Always Secure
One sure-fire way of identifying whether or not security is too lax in your workplace is to look at convenience. If a system is too convenient, it is bound to have poorer security. Any tool or feature that increases comfort makes it easier for hackers to break in. You’ll see an application of this in WLAN. The convenience of being able to use your laptop and log in anywhere came with a risk. Cyber criminals could eavesdrop on conversations between computers that the LAN otherwise protects.
The most cliché-sounding but crucial piece of advice that any security professional can give you is to always be prepared. You can never be too prepared. Don’t stop with the first line of defense. Add on as many layers of protection as possible, sacrificing a little convenience if you can, for the sake of the safety of your business information.
Does the security program at your workplace need an overhaul? What are the steps you think you need to take for better protection? Let us know!