BlackCSI Blog
Maybe You Can’t Fix Stupid, but You Can Fix Your Security
It’s easy to dismiss network security if you run a small business that seemingly isn’t a target of malicious attacks. Unfortunately, this dismissive attitude can put your organization at risk, as even a simple security issue could be enough to expose your company to dangerous entities. In fact, we would call it foolish not to secure your organization, and one of the most infamous security failings in history stems from exactly this.
The Equifax Problem
During the months of May and July of 2017, a credit-reporting firm called Equifax fell victim to a data breach that exposed a whopping 148.1 million records containing personally identifiable information. To put this in perspective, the Equifax data breach exposed almost half of the population of the United States of America.
In the wake of this breach, the former Equifax CEO Richard Smith was cross-examined by Congress. Smith’s defense argued that “human and technology errors” were at the heart of the issue. Ultimately, the Chairman of the House Energy and Commerce Committee, Greg Walden, came to the following conclusion: “I don’t think that we can pass a law that fixes stupid.”
How to Fix Your Data Security
While it’s true that there is no guarantee legislation would resolve the issue, you still need to make sure that your organization is doing the best that it can to keep threats from infiltrating its network. You can begin by implementing specific standards on a company-wide level or a case-by-case level.
Here are some ideas that you can start with:
- Start with compliance: Compliance regulations don’t always have data security in mind. That being said, it’s still an important part of managing your data security, as you could potentially be subject to fines and other troubling regulations.
- Resolve vulnerabilities: 99 percent of exploits rely on vulnerabilities remaining unresolved in network infrastructures. These exploits also often target vulnerabilities that are at least half a year old. You should make patching these vulnerabilities a priority so that you can best protect your data.
- Centralize your data security: There needs to be someone at the helm of your data security endeavors. If there isn’t, you make protecting your data much more difficult. This person should be responsible for implementing access control and making sure that nobody can access data that they wouldn’t need for their ordinary workday.
Encouraging Employee Security
Employees hold more sway over your business’ security than they may realize. This makes it difficult to protect important assets, because if you’re overly cautious, you could be compromising your business’ ability to operate as intended. For your benefit, here are a couple of ways that your organization can help employees remain cognizant of their responsibilities.
- Lazy credential habits: Password problems have persisted in business for a long time. Employees should never reuse the same password or username for every account that they have. Each password should be complex, containing letters, numbers, and symbols to maximize security. You can use a password management system if this gets to be a bit too much for your employees.
- Oversharing information: You should help your employees work toward limiting just how much information they share about themselves on social media so that passwords are not as easily predicted. Avoid using personal anecdotes whenever possible, and restrict who can see what information to minimize the chances of this happening. You also don’t want information to spread outside of the office, as an invoice or receipt with a customer number could be all a hacker needs to cause trouble.
- Using the wrong Wi-Fi: Public Wi-Fi is dangerous and, therefore, not the ideal way to access secure data. You should work together with your employees to make sure that they have secure access to company documents whenever they need them. A virtual private network is a great way to do this, as it encrypts information sent and retrieved by your devices.
Does your business need to augment security? BlackCSI can help. To learn more, reach out to us at (717) 620-3042.