This week we are going to take a look at the Cyber Security concerns keeping leaders up at night. We have dealt with a number of these and taking preventative measures will help minimize threats. There are no guarantees none of these will happen to you, however, your stakeholders will expect you to at least have strategies and ongoing updates in place.
Ransomware is the top security concern for leaders today. Ransomware is malicious software that hijacks company data requiring a ransom to be paid to retrieve the data.
Many feel they are too small or have valuable information to be attacked. This is a false sense of security as ransomware is random and everyone and every organization is a target. Yes, this is serious and it is happening around us.
Leaders need to protect their company data, have good back-up and disaster recovery strategies in place. The last thing you want if attacked with ransomware is to pay the hackers.
Malware is software specifically designed to take over, disrupt or damage a computer system. There are anti-malware software you can run to check if a computer has been infested.
The most common way to invite malware is by going to certain websites. Always know and trust the websites you and your team are going to. Leaders need to ensure their teams are educated and they have a good internet use and policy in place with an investment in the right solution to help minimize malware.
3. Internet of Things (IoT)
We are adding so many new devices in our organizations today (and at home!). Devices such as cameras, alarm systems, thermostat controls, lighting controls and the list goes on. These devices are usually connected to your computer network and may or may not be secured. It is critical to have a security group policy for all devices connected via wire or wirelessly and to keep all security patches updated.
When hackers look for open ways to get access to a company network, these devices are not always as secured as the rest of your technology assets. Random attacks can easily find these devices allowing the hacker to attack thru them.
Phishing schemes are attempts by scammers to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers.
This is the easiest way for outsiders to attack your team and gain knowledgeable information to harm your company network and data. Leaders can bring in experts to help educate their team. We offer lunch and learn with complimentary pizza to share the latest threats and best practices.
5. Password Attacks
There are password attacks happening randomly to any organization to gain access to sensitive data. Many password guessing software exist using different strategies. A good protocol for passwords is not to use any names or words and make it at least eight characters long. Include at least one capital letter and a symbol. Change the password often such as monthly or quarterly.
Leaders need to empower their team or technology partner to have layered security measures in place and to keep these updated regularly. Today, business is truly 24x7 and your company data needs to be protected as such.
It's So Random
Many leaders ask why their company was attacked or why would their company be attacked? Imagine we take a busload of people, stop in a random neighbourhood, ask everyone to run to every home and see if any front or back door is unlocked. The doors that are unlocked are opened, they run in and now have access to whatever they want in that home.
Not a pleasant image? That is the closes analogy I can think of why any company may be attacked: it is random. Just like we lock the doors at home we need to lock all our doors at the office.
Review Your Security Strategy
Review your security policies and strategies on a regular basis. Work with your internal resources and your technology partner to build a better layered security protection plan. Leaders will be called upon in the case of an attack or data breach. Be prepared to answer the tough questions on what you have in place to protect your company data.
We have been involved in a number of different attacks and the stakeholders want to know what their leader has done in terms of protecting company data.