Think IT Can Handle Security On Its Own? Think Again

By

One of the major fears of any IT department is losing control – of projects, of users, of applications. Yet, even with the best technology solutions, there is no way for IT to have complete control over what is arguably the most important thing: security.

There are simply too many threats coming from too many places and in too many forms for IT to protect fully against every single one. IT needs help. To maximize your company’s security, every employee needs to be aware of their role in the fight against cyber threats.

Below are three of the most common security threats that can bypass traditional IT and security solutions, and three ways your company can help regain control.

Social hacking

Social hacking is maybe the most personal cyber attack. It is, simply, when a hacker gets access to your systems and data by manipulating an employee in a personal way. There are a few popular examples. First, a hacker sends an email that seems to be from a high-ranking client employee – think C-level – asking for sensitive data about their account or your company. Since the request comes from a familiar, important person, the employee provides the information, never noticing that the email address was one letter off from the real one.

Another, more insidious version of this attack involves hackers disguising themselves in an employee’s social network connections. They then gather personal information about the person and use it to get close to them. Once the hacker has the employee’s trust, they request – and often get – information that can compromise your company’s security – all without your employee thinking twice about it.

Ransomware

Ransomware is just what it sounds like: your company gets held for ransom by hackers. The idea is that hackers gain access to your data and lock you out, then demand payment to return control to you. Ransomware attackers often get this access through email attachments or Internet downloads that look like legitimate files.

However they gain access, the result is the same; your data is held hostage. The costs of these attacks don’t end with the ransom, either. When you consider downtime, employee time to get the files restored, and even legal fees and compliance fines, the true cost of a ransomware attack is often many times the ransom amount.

Simple human error

Human error is perhaps the most unnerving for IT departments. The problem is so big, and the situations so varied, it’s hard to know where to start. An employee may leave a laptop unguarded at a coffee shop, forget their cell phone on the seat of a train, or even just drop a USB drive out of their pocket. This list continues, but you get the point. If these seemingly innocuous actions lead to the devices getting in the wrong hands, your network and data can easily be compromised.

Now that we’ve seen some of the attacks that keep your IT department up at night, it’s only fair that we look at some ways to mitigate them.

Backup your data

Backing up critical data is something we all mean to do, but probably actually do a lot less frequently than we should. But if you get attacked, a recent system backup is one of the most important things you can have to get back up and running quickly. If you suffer a ransomware attack, you’re much more likely to have to pay up if you haven’t backed up in a month than if you religiously backup on a regular basis.

It’s not enough to just backup, of course. You also have to test to make sure your backups will perform in the case of an emergency. There are managed backup and recovery solutions out there that can help automate this process so it happens in the background, without taking up valuable IT resources.

Dispose of your data

In addition to backing up your data, it’s important to dispose of it when necessary. Old data is a real security threat that is often stored in unsecure ways, or completely forgotten.

Your company should have a consistent, documented protocol for the disposal process. If your whole team conforms to the same procedure of what data to dispose of, when and how, this data becomes much less likely to be compromised. This step is so critical that many companies not only train employees on the process, but have them sign a document confirming that they will follow – and understand completely – the protocols. This isn’t a bad idea when you consider the risk old data can be.

Employee training

We’ll end with, bar none, the most important non-technical thing you can do to avoid cyber attacks: employee training. Training on data disposal is critical, but that’s just the tip of the iceberg. The more your employees know about the attacks they could face, how to recognize them and what to do if they think they’ve been compromised, the better off you are.

This training can’t just be given when employees come on board. It has to be consistent, and it has to evolve as threats do. This means more frequent, shorter updates. Just running training sessions isn’t enough, of course. Many companies give random tests to see how employees do, a practice I wholeheartedly recommend. For example, one company sent an email saying the employee had received a raise – all they had to do was go to a site and enter some personal information. Two-thirds of the employees entered their information and failed the test. Now, offering a fake raise is maybe not the most employee-friendly way to test, but there are any number of scenarios to use that can check your employees’ knowledge.

The cybersecurity landscape is getting more complex every day. IT does everything it can, but it needs the help of the entire organization to keep you as safe as possible. Recognizing these potential attacks and enacting these three simple strategies can ease IT’s burden, and ultimately keep your company safer.

About the Author

Scott Youngs is the chief information officer of Key Information Systems, a leading regional systems integrator with world-class compute, storage and networking solutions and professional services for the most advanced software-defined data centers. These competencies are tightly complemented by a full suite of data center capabilities, including private and hybrid cloud offerings, connectivity services, colocation facilities and managed services.




Edited by Alicia Young
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

Can Science Outsmart Deepfake Deceivers? Klick Labs Proposes an Emerging Solution

By: Alex Passett    3/25/2024

Researchers at Klick Labs were able to identify audio deepfakes from authentic audio recordings via new vocal biomarker technology (alongside AI model…

Read More

Top 5 Best Ways to Integrate Technology for Successful Project-Based Learning

By: Contributing Writer    3/19/2024

Project-based learning, also popularly known as the PBL curriculum, emphasizes using and integrating technology with classroom teaching. This approach…

Read More

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More