The proliferation of computers and networks has been a great thing for society. Businesses can run much more efficiently and at a quicker pace than ever before, and information can easily be stored in a couple of hard drives rather than a room full of filing cabinets. While these rapid improvements have been great, there is a dark side. Information is concentrated in such a way that it can easily be compromised in the absence of proper cybersecurity measures. In 2018, cybercrimes were responsible for nearly three million dollars in damages. That’s a lot of money, and you surely don’t want to be a part of that statistic! If you’re running a business, you don’t want your information to fall into the wrong hands, so here are six things to think about when trying to keep your business’s information safe.
1. Hacking Isn’t What You May Imagine
When you think of your typical “hacker,” you probably imagine some mousey-looking person in a trench coat typing an array of 0’s and 1’s on a screen full of incomprehensible code and formulas…but that’s just Hollywood’s depiction. In reality, hacking is a much more personal and social process. Successful hackers are extremely charming, charismatic, and socially adept. In pursuit of passwords, network access, and other useful information, hackers will often pose as someone who’s supposed to have access and con a business’s support staff into handing this information over via phone or email. Because of this, the Federal Communications Commission recommends that employers ensure that all staff members are properly trained to understand basic security principles. Anyone could be on the other end of that email or phone call, so you must ensure that your business follows strict verification procedures before any sensitive information is shared.
2. Employee Loyalty Isn’t Guaranteed
When running a business, you have to understand that not every single employee is going to value the business’s success as much as you do. In fact, some employees may seek to actively undermine your business if they have something to gain from it. Many employees have grievances with their employers, and many of these grievances are ignored, so why would someone be loyal to a business that they believe doesn’t treat them right? Businesses often pay their competitors’ underpaid and overworked employees for passwords, proprietary information, and other useful means of accessing networks and information. This may be illegal, and most people are honest enough never to do such a thing, but security breaches of this kind happen every day. To mitigate the chances of this happening, treat your employees well, compensate them fairly, and try to hire people who have a proven track record of honesty.
Ever had a virus on your computer? If so, then it was probably a real pain in the neck. Thankfully, most people don’t carry very sensitive information on their personal computers, so an infection isn’t that big of a deal. With a business, however, malware can potentially destroy your entire information infrastructure and lead to your business’s collapse. Malware is most often installed when someone clicks an innocent-looking link on a website or email. It’s a good idea to teach your employees how to identify questionable emails, and you may want to restrict access to malware-heavy sites.
4. Network Access and Information Storage
How easy is it to access your business’s network? Can employees access the network on their phones and personal devices? Can regular people on the street access the network? While it is fine to have secondary or tertiary networks for employees’ and visitors’ personal devices, you have to make sure that no sensitive information is stored on these networks. If sensitive information is stored on networks that are accessible to anyone, then that information may be compromised. Furthermore, you should separate your most sensitive information from other data and information. Your secret design shouldn’t be stored in the same place as last week’s inventory summary.
5. Information Distribution
The grim quote “Three may keep a secret if two of them are dead,” from Benjamin Franklin’s Poor Richard’s Almanac (1735), might be an exaggeration, but it rings at least partly true in cybersecurity. The more people who know a secret, the harder it is to keep. Passwords and sensitive information should only be given on a strict need-to-know basis. Your entry-level employees probably don’t need to be given passwords to important networks with valuable proprietary information. Even if everyone in your business is honest, that doesn’t mean they can’t be duped into sharing sensitive information with the wrong person.
6. Workplace Access
Not all cybersecurity breaches are executed over the phone or on the computer. Sometimes, someone can just walk right in and treat your workplace like an information buffet. If your physical workspace is unprotected, then a malicious actor can easily slip a USB drive with malware into one of your computers, or they can simply break in and walk away with your servers and hard drives. Consider installing a physical security system that’s adequate to cover every point of entry and exit, and do what you must to limit who enters the most sensitive areas in your workplace.