It seems that every few weeks another major hacking case comes to light, in which a group of malicious agents breaks into the computer system of a major company or government agency and steals the personal information of workers or customers. All kinds of companies seem to be at risk for these kinds of attacks, and it can be hard to imagine that any security protocols can actually prevent this kind of breach. In this post, we will discuss some ways companies can structure their security to reduce the risk that they become the victim of the next major hacking incident, and what every small business should know about digital crime.
Learning from the Past
The first thing to remember is that physical security is just as important as virtual security. A lot of hacking attempts succeed because the attackers had a local way in. It only takes one compromised flash drive, left out in the open and plugged into a computer by some curious person, to open the floodgates. Physical security is the best way to head off such threats. Identifying who should and should not be in particular areas and tracking down any suspicious people in the local area are good ways for physical security to complement digital security. This is why physical security is still so important in this day and age. The good thing about physical security is that it’s so easy. Nowadays, setting up a simple camera system for your business, such as Pro-Vigil, does just as good a job as hiring a team of guards. However, just because physical security is easy doesn’t mean you should ignore it.
The next important thing to think about is password protocol. It is entirely likely that someone on staff made a mistake and set a password that was too easy to guess. Simple passwords, repeated passwords, and written-down passwords are all much less functional as security tools. Most people ignore the emails from the tech staff reminding them to keep their password updated. Since so many people choose easy passwords that can be guessed rapidly, it does not take experience to know that hackers can break into a network via weak passwords or even the simplest phishing attack: calling up users at the company, claiming that the call is from the IT department, and asking them to give their password for verification purposes. Many people still fall for this, so passwords are a major liability.
Sometimes, companies experience hacks simply because of how valuable or large the company is. The better the target, the better the rewards. Major retail chains have faced hacking crises in the past, and so has the US Government. It isn’t easy to prevent an attack that is coming just because of the value of the company. It certainly is not worth reducing that value just to avoid hackers.
The more a company is connected to the Internet, the more vulnerable it is. Some companies delay software upgrades until they know what’s in the update. That leaves them exposed to vulnerabilities in the meantime.
One good idea is for the company to test out what it would do in the case of a hack, just like a fire drill. Hacks are large and frequent enough that it is reasonable to expect that at least some of them will have at least some success. Understanding what to do in the aftermath of a hack is at least as important as preventing a hack in the first place. This is because it is simply so difficult to cover every possible attack point and eventuality. It is safer to be ready for an attack, but also to be ready in case the attack succeeds.
Hacking in the workplace is going to become more and more prevalent as more companies move online. It is a worrying trend, but with enough awareness and anticipation, dealing with a hack attack may not shut down your business. As with many other important risks, planning and foresight reduce the cost that the company has to pay in the event that it is unlucky.
About the author:
Lee Ying has over 10 years of experience in the tech and security industry. He can be reached on LinkedIn or on Twitter @LeeYing101.