Information security is a key task for any business. It is difficult to overestimate the importance of valuable data, because it determines the pace of development, market position and competitive advantages of any company.
Despite this, many owners keep making the same mistakes over and over. Security specialists have identified 4 major errors that can destroy the entire information security system.
It’s none of my business.
“Hackers? Data leakage? Who needs my company’s commercial information?” naively thinks the owner of a small company located somewhere in Voronezh or Omsk.
At first glance, this opinion rests on a rock-solid foundation: what value could an obscure firm have for hackers when there are more attractive victims whose servers store terabytes of important data?
It is enough to recall the leak at Sony or the Mossack Fonseca scandal. The news agenda and the media seem to hint to small companies: no one needs you, no one will waste their energy on you. But is that true?
Small and medium businesses suffer from information theft more often than large corporations. Their security system usually consists of an antivirus and hope for a brighter future. The number of victims in this segment is hard to calculate, because many small business owners have no idea that a leak has occurred: they have no tools at all for tracking and analyzing traffic.
The main threat comes from insiders: company employees who decide to build their own business at the expense of the employer’s resources, or who move to a new job and take along everything that is not nailed down. For example, the customer base.
The past year clearly demonstrated that hackers care about small businesses too, because their security is easy to break. The most striking examples are the WannaCry and Petya A viruses, which floored companies of every size, from small to large.
Of course, the media traditionally run stories about the giants of business that felt first-hand what a blackout is. No one has counted the small companies that were unable to work for days or even weeks. That is not as interesting and exciting as discussing a big mammoth that has fallen into a lethargic sleep.
“No one will ever touch me” is a key mistake in business, regardless of a company’s form or size. In the 21st century the problem of data leakage, unfortunately, concerns absolutely everyone.
The case of WannaCry and Petya A mentioned above is a clear illustration of how easy it is to bypass security systems with a fairly simple tool: phishing. Such attacks involve sending emails disguised as notifications from banks, state regulators, messages from partners or even your own boss!
As soon as a careless employee opens an attachment, the virus instantly enters the company’s internal network. It is not uncommon for phishing emails to contain links to password-harvesting sites that mimic a banking system, CRM or corporate portal.
But hackers do not live by email alone. Skype, Viber, cozy Facebook or the familiar VKontakte can serve as effective tools in the hands of intruders. Hacking a manager’s messenger account is much easier than fussing with disguised email messages.
After that, the rest is a matter of technique: an employee receives a link or document from his or her immediate superior, opens it, and the entire security system collapses in an instant.
Uncontrolled communications will sooner or later lead to the loss of information, and not only through deliberate sabotage. An employee does not always understand what may and may not be done. And a manager who leaves the staff alone with the World Wide Web will not even suspect the approaching disaster.
The only way to counter these risks is to monitor communication channels in real time, which lets you anticipate threats, identify dangerous actions by personnel and respond to them adequately.
Good preparation is a key factor in any successful attack. Phishing can be useful when accessing employees’ email or Skype accounts. It would seem that such data is not so easy to get, because most programs and sites have protection against “brute-forcing”, the crude automated guessing of passwords.
As always, people make the task easier for cybercriminals. To this day, the most popular password in the world is 123456, followed by 12345, and third place goes to the crowning achievement of creativity: the password “password”.
The average employee, left to his own devices, will unwittingly do everything to spare hackers any extra effort in breaking into corporate mail or a server with valuable information.
Lack of backups
Regardless of the security system, data may leak or be permanently damaged. There are thousands of possible reasons: a cunning insider, an employee hooked by phishing, hackers exploiting a “zero-day vulnerability”, and so on.
If you don’t want such an incident to hit the company’s business hard, heed the main advice of security specialists: always make copies of the information, preferably stored in a place that is difficult for staff to access and is not connected to the Internet.
In an emergency, they will at least make it possible to get work going again. And a DLP system, which lets you monitor employees’ actions and assess risks predictively, will help you find out what caused the disaster and prevent it in the future.