1800 464 360
The #1 Way Businesses Can Protect Against Hacks

The #1 Way Businesses Can Protect Against Hacks

26 September 2016
privacy, breach, security

One of the most significant security vulnerabilities sits right in the heart of your organisation. You know it as your staff. And no, we’re not talking about disgruntled staff with an axe to grind. We mean your mild-mannered, everyday staff who are increasingly the targets of cyber criminals.

No matter how sophisticated a company’s processes and protocols might be, staff members remain individually responsible for managing threats to privacy. Security firm Symantec recently published an interesting report showcasing an alarming surge in social engineering phishing attempts, preying on employees within certain departments. Social engineering refers to psychological manipulation through highly developed and refined attacks which rely on human interaction.

The scammers’ technique provides a deceptive sense of authenticity and attempts to build a relationship with an employee. They typically use insider knowledge such as executive staff names. They send malicious links or what looks like official documents such as invoices or spreadsheets. When you click on these, it releases a virus onto your computer and into your server. They might also falsely use what appears to be a reputable company email address or logo with seemingly undetectable tweaks, say, with just one letter off.

Our innate human nature tends to subconsciously suppose breaches will happen to the other guys –  not us, not our business. Unfortunately, the threat is a reality for us all. The good news is that there are effective, actionable measures you can take now to be proactive about your security.  It is always a good time to focus on renewing your company’s efforts to protect itself from cyber-crime.

Maintaining good privacy practices is a “good housekeeping” matter for any organisation. However, to consistently stay one step ahead of cyber criminals, it is no longer enough to just capitalise on current security measures. We must actively increase employee awareness. We recommend rolling out a specific phishing training programme across your organisation. Programmes like these are designed to equip staff with the behaviours and skills that will reduce the threat posed by these attacks. As each team member goes through training, potential weaknesses are discretely revealed, not to embarrass, but to teach. Being entirely digitally smart and savvy should be seen as a continual area for growth for all!

What else can we do to protect ourselves and thus our businesses?  It is important to have tight security measures implemented, including thoroughly trained staff. Together we should remain robust against threats!

Here are some points you should consider for yourself or business:

Know the essentials for security. Only give out information that you feel comfortable sharing. Ensure you are involved with a trusted party. Only click on links from a reputable source.

Protect yourself online with strong passwords. How many of us are guilty of not doing this? Even if a company allows us to proceed with a ‘weak’ password, do not be tempted.  Also, remember to frequently switch up passwords between accounts. You might have heard this a few times before, but keep in mind, it’s only effective if you actually use a strong password and switch up passwords.

Securely dispose of personal details. Don’t leave sensitive customer, client, patient or personal information lying around. Locked cabinets, password-protected files, shredding, and Verification of Identity, are helpful measures to take.  Employees should typically only have (restricted) access to information that is needed to perform their particular role.

Perform a quick audit. How does your team handle personal information and code? Have you assessed your risks and threats? Are your antivirus and antispyware up to date? Consider your intellectual assets such as source code. Find out why your company needs Intellectual Property protection.  

Does your business need a revamp of their privacy actions? Is it time to establish or revise procedures? Consider how greatly technology has evolved over the past five years. Our privacy policies should reflect this!

Encrypt, encrypt, encrypt. Ensure your network is secure and that Wi-Fi passwords remain complex and protected. Install encryption on mobile devices including laptops and tablets to protect against intrusion.

Each industry faces their own unique challenges when it comes to privacy, including protection of private client data, credit card details, and employee contracts, etc. Technology is growing at such a rapid rate that it seems laws and privacy standards sometimes cannot keep pace with each of the many dynamic and evolving complexities in the digital space.

A collective commitment and particular investment in employee vigilance should become the priority for businesses today, as phishing attempts are growing more and more prevalent.

Ultimately, investing in professional privacy and security measures buys you peace of mind, so you can work with that free feeling of reassurance, knowing that there is a cushion of security around privacy.

There is no doubt we all have areas in privacy and security that our businesses can improve upon. That’s why TIMG offers a variety of tailored information management and security services designed to keep businesses working with the utmost privacy and innovation. Discover how data protection solutions can work for you!

© Copyright 2017, The Information Management Group