By Andrew Tang, Service Director, Security at MTI
It is increasingly very difficult for businesses to respond to security threats. Gradually, threats have become more sophisticated, blending different levels and methods of attacks which have made it more and more difficult for IT departments to respond to them appropriately. With IT budgets driven down in some sectors, the problem has been exacerbated: defenses are weakened and the attacks are gaining strength and detail.
The biggest security challenge for businesses is looking at the basic threats facing them and securing against these vulnerabilities. The first consideration is whether a business’ website is protected. IT departments should also review the protocols in place to prevent existing or ex-employees from accessing sensitive company data. Businesses often worry about what brand of firewall they should be using, when the most basic protection against internal breaches has not been dealt with. A lock is useless when you’ve left the door wide-open!
Responding to a security threat will rely heavily on preparation. To ensure you are ready to respond at a moment’s notice, consider the following:
1. Think about the business strategy to respond to threats before they hit
2. Review your current vulnerabilities and form an action plan
3. Consider further staff training and education
4. Only consider new technology/software once you have addressed the ‘person factor’
Overcoming security threats is about getting the basics right, and recognising that often the biggest threat to a business is people, whether intentionally or not. People make mistakes, they can be manipulated, or they can simply hold a grudge. Never underestimate the threat that individuals, both external and internal to a business, can pose.
Thus often the best prevention for a security breach is not simply identifying glaring vulnerabilities, but rather looking at where the 'lure' for the potential hacker or person wishing to do damage is. Googling oneself is not about vanity, but in fact it can actually help to protect a business online. If an employee’s social media presence details pet names, kids names, hobbies etc., then a business could find that 'password reminders' are suddenly available for the tenacious hacker looking to do damage.
Ultimately, the first solution to cyber threats is to look at the people involved, the company’s profile, and its website – and only once that has been considered should software/hardware solutions to support this be considered.