In The News
Companies of All Sizes Must Take Steps to Protect Technology and Information
By Michael Mullin, President
Integrated Business Systems
Cyber-safety, a common term used to describe a set of practices, measures and/or actions that protect technology and information from attacks, is a hot topic in business these days. Every company – whether large or small – is a target for cybercrime, and being prepared and vigilant has become an absolute necessity.
Understanding security threats is a good place to start. Today’s most common issues span five basic categories:
- Viruses, which infect computers through email attachments and file sharing, can delete files, attack other computers and make systems run slowly.
- Hackers are people who “trespass” into computers from remote locations. They can then cause the breached machine to malfunction, or use it to host a website, send spam or spread viruses.
- Identity thieves obtain unauthorized access to personal information, such as social security and financial account numbers. They can then use this information to commit crimes such as fraud or theft.
- Spyware, which is software that piggybacks on programs that are downloaded, gathers information about a user’s online habits and transmits personal information without their knowledge.
- Ransomware is a more recent – and rapidly growing – threat. Perpetrators restrict access to software programs and files, most often by encrypting them, and then demand that the users pay a ransom to remove the restriction.
These issues are serious, and they are becoming more prevalent. Symantec, a cyber-security tool provider, reported that security breaches increased by 23 percent in 2014. More than 317 million new pieces of malware were created, averaging to nearly 1 million new threats each day.
For businesses, the reality of a security breach can be devastating and costly. An IBM study found the “average consolidated total cost of a data breach” in 2014 was $3.8 million, and that the cost for each stolen or lost record containing sensitive information was $154. Additionally, consider the costs associated with downtime resulting in lost access to the computing network, or the implications of the exposure of confidential customer data, company financial information and business intelligence.
How, then, can a company minimize its exposure? First, all devices connected to the business’ computing network should meet certain security standards. Second, and equally important, management should provide staff with the services and training needed to meet these cyber-safety standards.
In a recently published Employee Hack Guide, IBS outlines seven actions that help protect computers and data. In most cases, the implementation of these security measures takes only a few minutes.
- Install OS/software updates. Updates, sometimes called patches, fix problems with an operating system (OS) (e.g., Windows XP, Windows Vista, Mac OS X) and software programs (e.g., Microsoft Office applications). Most new operating systems are set to download updates by default. After updates are downloaded, users are asked to install them. Click yes!
- Run anti-virus software. To avoid computer problems caused by viruses, install and run an anti-virus program like Vipre, a product from ThreatTrack. Periodically, check to see if the anti-virus is up to date by opening the anti-virus program and checking the date of the last update.
- Prevent identity theft. Never give out financial account numbers, Social Security numbers, driver’s license numbers or other personal identity information unless the recipient is known. Never send personal or confidential information via email or instant messages, as these can be easily intercepted. Beware of phishing scams – a form of fraud that uses email messages that appear to be from a reputable business (often a financial institution) in an attempt to gain personal or account information.
- Turn on personal firewalls. Check computer security settings for built-in personal firewalls – and turn them on. Firewalls act as protective barriers between computers and the internet. Hackers search the Internet by sending out pings (calls) to random computers and wait for responses. Firewalls prevent computers from responding.
- Avoid spyware/adware. Spyware and adware take up memory, and can slow down computers and cause other problems. Use Spybot and Ad-Aware to remove spyware/adware. Both of these programs are available online for free.
- Protect passwords. Never share passwords. Establish a company “safe word” that a support technician requesting your work system login must know. Do not use one of these common passwords or any variation of them: qwerty1, abc123, letmein, password1, iloveyou1, (yourname)1, baseball1. Change your password periodically. When choosing a password, mix upper and lower case letters and use a minimum of eight characters.
- Back up important files. Reduce the risk of losing important files to a virus, computer crash, theft or disaster by creating back-up copies. Store back-up media in a secure place away from your computer, in case of fire or theft. Test your back up media periodically to make sure the files are accessible and readable.
Additionally, employees should work with their company’s in-house or third-party technical support coordinator before implementing any new cyber-safety measures. They should report any cyber-safety policy violations and security flaws/weaknesses they discover, as well as report any suspicious activity by unauthorized individuals in their work area. Finally, staff members should never install unnecessary programs on their work computers. Implementing these measures – and staying on top of them – can go a long way toward helping businesses fight common cyber-security threats and the resulting consequences.