When discussing the need for tightened information security, I often hear people say, “We haven’t had any problem yet.” Compare this to the equivalent statement about the security of a home: “Although I live in the worst section of the city, I don’t really see a need to lock my doors, get a security system, or keep my kids from walking the streets at night…because I haven’t had a problem yet.”
Our organizations really do live in the “worst section of the city” – just by being connect to the internet, we’re instantly accessible to cyber criminals. There are 5 key factors every business person should understand about their information security risks:
1. Information theft is the number one activity of organized crime.
Internet threats are no longer coming from a teenager creating viruses or hacking someone’s network for a power trip. Cyber crime is organized, structured and planned with a single goal: to gain valuable information to sell or exploit. Estimates for 2011 show that this is an over a trillion dollar business.
2. Your business is a target.
It does not matter how large or small you are – you’re in the crosshairs. Most of the tools cybercriminals use are indiscriminate. Once the automated tools used by cybercriminals gain access to your systems, it will scour them for any information of value, from credit card numbers to social security numbers to medical information. Even if the tool finds no valuable information, it may exploit your systems to help steal information from other organizations.
3. This is an ongoing battle.
Most businesses have virus and spyware protection, firewalls and other measures. All of these things and more are necessary. Threats are continually evolving, and you need to actively monitor, detect and respond to them. Employees need to be repeatedly educated on new threats and how their conduct can put the company at risk.
4. Annoying spyware can be a good thing.
Often we treat spyware as an annoyance that messes up the usability of our machines. The fact that it often causes problems with daily use of our computers is actually a good thing. This is a red flag indicating a significant security breach – and should be treated as such. It is far more dangerous for spyware to go undetected [and it often does.]
5. Your people should never be overlooked.
When implementing protection from cybercrime, start with your people. Without training employees on the risks, often they will unintentionally create a breach. This breach is often caused by falling prey to a phishing scam, installing something they should not, or even by unzipping what looks like a simple software update.
The information that we store on our computer networks is increasingly critical, and in response, the profitability of information theft is growing. Is your business changing its practices to reflect this growing risk?
For more in-depth discussion of new security measures and how to keep your network safe, please feel free to contact Scott Hirschfeld.