Security has been a concern since people had things they wanted to protect. Businesses in particular have had to consider what they want to keep safe. Before, businesses had to prioritise their equipment and books – these days, with everything becoming digital, priorities have had to change, too. After all, thieves are no longer of the mask and break-in variety. Today, we have to be more aware than ever of cyber security dangers. 2016 saw incredible examples of what happens when you don’t take security seriously. Let’s examine what we can do to help mitigate any threats to our business.
Creating a password
The most important realisation that many had during 2016 was realising that no part of being online indicates absolute safety. Even passwords on emails only stops hackers for a short while. It’s imperative that starting from the ground up, people take the idea of how to approach passwords as seriously as anything else. How then do we pick a password?
As PC Advisor notes:
Avoid using the following passwords, which a surprising number of people use: password, QWERTY, 123456, 00000 and Letmein. Also, don’t use information that can be guessed with minimal effort. For example, Fred Bloggs would be advised against opting for a username of “Fred” with “Bloggs” as his password. Similarly, avoid the name of your spouse, children or pets, birthdays and any other details that can be discovered from social networking sites and elsewhere. Some experts even suggest that passwords shouldn’t include any words of the English language or place names. Instead, they recommend that passwords include upper and lower case letters, numbers, punctuation and least least six or eight characters in total – the longer the better.
It’s also advisable for businesses to get their employees to change passwords regularly. We can implement this by preventing staff from logging in after, say, two weeks if they’ve been using the same password. There are various systems that allow for this. We must speak to IT department to find and implement such policies. In this way, we mitigate unwanted people gaining access and can have a proper understanding of who is going where.
Another important and related aspect is knowing who is allowed to go where. That means in business only allowing certain people access to specific files or folders. It also means possibly restricting them from, say, the server room. Passwords are not advisable since this just means they can be stored and therefore stolen by anyone. If possible opt for unique cards that let’s people access specific rooms. Data is essential and increasingly the most valuable aspects of a business. Monitoring can also be helpful here. This can mean installing cameras, working with a video wall controller system and so on.
In this way, we can properly manage what is happening on our business site and who is going where. It can reduce instances of insider malpractice, since people will know they are being monitored. Considering how much danger staff themselves pose to businesses, this can be an essential tool.
The problem with ransomware
One of the most pernicious forms of invasion is ransomware. This is software that is installed on computers without our consent, restricting access to important documents, folders and so on – until the user has met the hacker’s demands. This terrifying scenario was reality in 2016 in America, as CRN pointed out:
Several high-profile ransomware attacks, most notably an attack on a California hospital in February that left it unable to care for its patients. Also, there was an attack on the San Francisco Municipal Transportation Agency (SFMTA) network that forced the agency to allow passengers to travel for free. In the first quarter alone, there was $209 million paid to ransomware attackers, according to FBI data, putting the full year 2016 on pace for $1 billion in known ransomware payments.
No one is immune
Major corporations, like Yahoo and Sony, all found themselves the targets of hacking. Millions paid the price – in terms of figures and in terms of ordinary users. This means regardless of size, a business is always in danger. Indeed, small businesses believing themselves immune because they have nothing hackers want are prime targets for this reason – hackers know that if we don’t take our security seriously, we’re easier marks. We can’t allow that to happen. The point isn’t that Sony was target; it’s that, if Sony, as big and powerful as it is, can be brought down by hackers, we have a lot of work to do ourselves.
Picture credit: Blue Coat Photos / Flickr