Infiltrating the security of your core business network could be devastating for any sized business, particularly small businesses. Ransomware freezes the system, holding it hostage for a fix. Viruses corrupt data and destroy entire databases throughout a computer network. Spyware steals company secrets or uses personal data. Any one breach can compromise private data, not to mention clients trust in your company.
Regardless of how often you hear about it in the news, small businesses often remain incredibly vulnerable when it comes to security. Why?
For one, business owners often focus on mitigating solutions to address only one part of cybersecurity. They overlook system support protocols to keep their computer network safe from a broader range of problems.
Added to the misguided focus is the fact that businesses, especially small to mid-sized businesses, don’t set company policies, including employee training. The fact is that information technology research concludes that some of the biggest threats aren’t even external or cyber-based.
Take a look at where seven of the biggest network risks are and how you can prevent a compromised or disabled network.
1. Employee’s lack of awareness
In extreme situations, a disgruntled employee may intentionally sabotage a system before clearing out his desk and heading home to South Milwaukee. While these instances are few and far between, employers must address the possibility.
What possible harm can employees do to the network, if proper protections are in place?
Think of it as having a top-notch security system for your home. It doesn’t matter how well-designed the system is, if your teenager walks out of the house without turning it on or locking the front door, it’s useless. Your employees are what keep things working properly.
Employees inadvertently open an email they shouldn’t or surf unknown websites during their lunch break. As innocent as these actions are, the consequences can be devastating. More often than not, employee issues are innocent and can be solved with employee cyber training.
2. USB drives and support devices
Everyone has done it, probably even that information technology guy who told you not to! Yes, even he has probably used a USB drive at some point.
Imagine you’re on a deadline and need to transfer a file to another system to print it or get it home to finish. Whatever the reason, you pull out a handy little flash drive and pop it into the USB port. Imagine that flash drive holds private client data that you are supposed to keep secure.
What happens if you lose it? What happens if you accidentally hand it over to your dry cleaner because you forgot to take it out of your pocket? What happens if your kid takes it to his friends to download the music video they just published to the Internet?
Not real secure, right? But that isn’t the only issue.
Malware is written to specifically target flash drives. Face it, we are a society of convenience, so when you put that flash drive in the drive at your local print store or grab a new photo of the kids for your office screensaver, then go back to the office and pop that back into the USB, you could be introducing bugs into your machine and entire network.
But it isn’t just a flash drive to be concerned with. All USB devices pose risk. For example, did you realize that the wireless keyboard is easily hacked with a radio dongle purchased for less than $20. From 100 feet away, a hacker can copy keystrokes and potentially hijack the computer with as little as 15 lines of code to control your mouse and keyboard.
3. Email scams and attachment security
Email continues to be a successful target for virus and phishing issues. It seems like everyone should know about email scams.
But because we are curious creatures we open mail, especially if it is disguised as something that urgently needs our attention, like winning a trip to the Bahamas or needing to take care of our dog’s overdue taxes – (note: you won’t go to jail for ignoring that email).
Going back to the security system analogy, we can have a great security system, but if your partner doesn’t know how to hit the panic button alerting the monitoring company, the system is rendered useless.
The same is true with virus protection in the cyber world. As a business owner, you get email all day long, often from people outside your computer network. You might not know prospects or recognize the person’s email you met at the networking event last night.
It’s a part of business you can’t avoid. Learning to recognize when something looks slightly askew so you can take additional actions to protect your network is not as difficult as it seems. It certainly is easier than dealing with a crash and waiting for tech support to help.
4. Laptops, smartphones and tablets
Modern businesses are always on the move, literally. Mobile technology facilitates remote business but increases risks. Being in transit means that mobile devices are subject to being lost or stolen. Whether it is a smart phone that fell out of your pocket on the train to a laptop stolen from the coffee shop desk where you saved a seat, losing entire devices can give hackers everything they need about your network.
Additionally, many of these devices are not company issued. Employees use their own smart phones, tablets and at times, laptops. Unless you can secure what information is used on these devices and how it is encrypted, you open your network up for potential attacks.
5. Wireless access
Wireless access is essential for most businesses in a mobile market. Consumers have increasing demands for quick answers and solutions, wanting providers to get the job done anytime and from any location.
When on the move, you can’t always get wireless access points on an encrypted wireless network. Public (guest) networks can be a cyber security risk.
In fact, using your client’s password protected wireless network might seal the deal at 11 PM in Greenfield, but open up a viral risk you take back to the West Allis office. The wireless network itself may be a trap, capturing data the entire time you are doing a presentation.
6. Cloud-based defence
Similar to wireless access, are cloud-based solutions. Because cloud-based solutions require internet access, they are part of the risk landscape in a cyber world. They require firewalls and encryption to reduce open windows of vulnerability.
There are also risks of network support and provider reliability. The goal with migrating to the cloud is to save time and money, reducing redundant and expensive hardware upgrades. Your security consultant may also integrate a Unified Threat Management server for better protection.
The cloud network is designed to meet the flexibility needs of your business. If your cable, or wireless network is down, your business is on hold until support comes or service is restored.
7. Third-party technology solutions
Risks with third party solutions encompass a range of potential problems. Third-party software installed on the network that isn’t patched leaves you vulnerable to attack through the entire system. Installing something as simple as a game of solitaire to play at lunch might create a vulnerability window where hackers, viruses and malware enter.
In general, any third-party vendor increases your risk. While you may have looked at their experience, you can rarely vet the company with background checks of any and all technicians that may come to your office or work on your network. These people have knowledge and access to your network information, thus pose a risk.
In fact, it may not even be the third party vendor who you hired, but a Trojan Human. This is an imposter posing as an employee or contractor. They walk in, and unless someone stops to confirm credentials, they have complete access to your systems, both in the cloud and on hardware.
What solutions exist to address security risks to your computer network?
Being proactive is always your best solution to prevent a denial-of-service attack. Can you imagine not even being able to log onto your own systems?
Adjust policies and procedures. Remove outdated risk controls. Set new security protocols. Once you have a handle on things, educate employees on new habits of information security best practices.
Conduct an on-site security audit
Look at your IT network and infrastructure for careless policies or outdated protections. If you aren’t sure where to start, your IT consulting company can review your system and develop a plan designed for improved protection.
Have your IT technical support run a systems check and security audit on company servers and firewalls. Thinking like a hacker when it comes to security breach openings helps shut and lock windows that would allow them in.
Make it company policy not to install games or any other third-party software without first consulting your internal IT team or if you don’t have one, your IT network consultant. Often they will be able to integrate the programs you request, but need to ensure that the proper protocols exist. Some programs need a special patch to run on a cloud network to prevent opening risk gaps.
Companies wouldn’t think twice about having a secret shopper conduct a sales and service audit. Why not do the same for security?
Have an unscheduled “network audit” and see if your employees follow the right protocol to validate the identity of the technical support consultant.
Get on-site support when necessary to ensure there are no protocols being overlooked. Conduct secret audits of your employees by having the IT security consultant send out “phishing emails.”
If you have trained your employees properly, you will have a low “open rate” and higher confidence that an email won’t shut you down. Use the data from audits to further educate your employees. Remind them that the bad guys get trickier to find a way into the network.
Establish new protocols
It isn’t difficult or expensive to have your technology security consultant set password resets every 30 days. Force employees to change passwords regularly. Don’t allow recycled passwords to be used for 12 months. Set a policy to use complex passwords that involve letters, numbers and symbols as well as capitalized and lower case letters.
Make it a policy forbidding the use of USB devices on company systems. If certain USB devices are required, be certain that those devices are “work only” devices and not doubled up for personal use. If necessary, provide employees with charging stations for personal mobile devices so they are not plugging into the network simply to charge their phone or tablet.
If your firm is truly concerned about sensitive data breaches, it may be wise to have your IT security consultant set a firewall for all downloads, preventing unwanted programs and files.
Encryption is essential, especially when your company uses wireless and cloud-based network solutions. Being mobile has added risks, but none that can’t be addressed easily.
Remember that employees rarely try to harm the network. They do things out of convenience and sometimes even have the best intentions of doing a better job. Don’t just set policies, educate employees about them and enforce those policies. Lead by example.
If you allow employees to access personal data or devices at work, consider a secondary public wireless system that isn’t tied to your secure network.
Remember that employees are one of the biggest areas of concern, yet one of the easiest to address. Once new habits are developed, your business security culture will improve.
Make sure to go through the protocol during onboarding of new employees and immediately address system access for any employees that have left the company. When it is protocol to remove all system access immediately upon resignation or termination, you won’t run the risk of a disgruntled employee doing something to steal data or crash the system.
Ongoing risk vigilance
Viruses mutate. Hackers innovate. Risk is always adapting to new technology.
With all the security systems in place, remain vigilant with your computer network security company to make sure everything is always meet the latest risk threats. Since you can’t protect against all risks, make sure you have information backed-up and mirror network systems to restore operations if you are attacked.