4/21/2014 | Matt Gross

Are you concerned about digital security compromises of your company's IT infrastructure? You shouldn't be concerned — you should be scared. Whether it's denial of service attacks, theft of credit card data, or social engineering, attacks on IT infrastructure are becoming more common.


It's critical that you empower your IT staff. They are your front line of defense. I was recently speaking with a friend who manages internal IT systems for a mid-sized financial company. He said that his staff wants to migrate their core servers, which are running Windows Server 2003 as it approaches end-of-life. Top management, however, doesn't see the seriousness of the issue and won't delegate the authority to do what IT knows is needed. This is very risky — especially for this middle market company. A security breach is expensive. For a midsize firm without the vast resources of a large corporation, the cost of fixing a security leak could potentially cripple, or even destroy, the business.

You must listen and ensure your IT staff gets the training they need and is motivated to solve security problems, whether that's initiating a software update cycle, telling an employee to memorize their password instead of reading it off a post-it note, or using their own time to stay current on software vulnerabilities. Consider these basic steps as a foundation to securing your business.

  1. Protect against phishing with email filtering software. According to a recent Verizon study of 621 confirmed data breaches and thousands of security incidents, stolen credentials were the culprit in 80 percent of the cases. Consider switching your email to Google Business or another provider that can handle and filter a high email volume. Of course, that won't block phishing via social media and chat. There are some tools for these services, but it's better to educate your employees on how to protect themselves. Have them look closely at every external link before they click it, even ones that come from someone they trust. When a web page asks for sensitive data, they can also do a quick URL check, making sure that the domain in the address bar matches the organization the website claims to be.
  2. Keep your software updated and patched. Someone attempting to hack into your corporate network is likely to exploit known vulnerabilities in software. Update the software as soon as a patch is available to enhance your digital security. In some cases, this means that you will have to replace legacy software that is no longer maintained by the manufacturer.
  3. Run security software within your network to strengthen it. Set up robust firewalls, secure Internet gateways, and perform network behavior analysis to catch discrepancies. Use the latest security standards for Wi-Fi access points, and update your hardware every few years to take advantage of security improvements. Antivirus software on your PCs and servers is helpful, but it's not enough to protect your network.
  4. Make sure you can remotely remove information from mobile devices. Mobile devices are a growing area of weakness. Rare is the employee who leaves the company suddenly yet still retains access to sensitive company data. What's more common is that a laptop or phone used to conduct company business is stolen. When this happens, you need the ability to remove data from the device. There are many vendors of remote management software and MDM (mobile device management), such as Apperian, that companies use to manage the mobile apps installed on their devices. Windows and MacOS have built-in mechanisms for remote management that allow IT administrators to delete content.
  5. Make sure people do not have access to data they don't need. If you are a healthcare company and your employees have unencrypted spreadsheets of patient data on their laptops, you have a big problem. Oftentimes, a person wearing a hard hat and carrying a clipboard can gain access to all types of secure facilities. Make sure that rooms and cabinets with important data are locked to prevent strangers from picking up a hard drive or placing a monitoring device into the network.
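The "quick URL check" in step 1 is easy to describe and surprisingly easy to get wrong by eye, because a hostile link often contains the real brand name somewhere in it. The following is an added example, not code from the original article or from any product it mentions: it parses a link with Python's standard library and compares the actual host against the domain the page claims to represent, reporting the tricks that most often fool a quick glance (a brand name used as a subdomain of another site, credentials before an `@` that hide the real host, a raw IP address, a punycode label, or plain `http`). The sample links and the domain `bank.example` are constructed for illustration.

```python
"""Does this link really point at the organization it claims to?

Added example for the phishing-awareness step above. The expected domain
(here the constructed 'bank.example') is what the web page says it is; the
URL is what the browser's address bar actually shows.
"""
import ipaddress
from urllib.parse import urlsplit


def _host_matches(host: str, expected: str) -> bool:
    """True only if host IS expected or a real subdomain of it (label-aligned)."""
    return host == expected or host.endswith("." + expected)


def check_link(url: str, expected_domain: str) -> dict:
    """Compare a URL's host against the domain the page claims to belong to.

    Returns {"ok", "matches", "host", "findings"}; "ok" is True only when the
    host matches and nothing suspicious was observed.
    """
    findings = []
    parts = urlsplit(url.strip())
    expected = expected_domain.lower().strip(".")
    # urlsplit already lower-cases hostname; drop a trailing dot so
    # 'bank.example.' compares equal to 'bank.example'
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme not in ("http", "https"):
        findings.append("unexpected scheme %r" % parts.scheme)
    elif parts.scheme != "https":
        findings.append("page is not using https")

    if not host:
        findings.append("no host in URL")
        return {"ok": False, "matches": False, "host": host, "findings": findings}

    if parts.username is not None:
        # 'https://bank.example@evil.example/' - everything before '@' is
        # userinfo; the browser actually connects to what comes after it
        findings.append("credentials in URL; real host is %r" % host)

    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address, not a company domain")
    except ValueError:
        pass

    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("internationalized (punycode) label in host")

    matches = _host_matches(host, expected)
    if not matches:
        findings.append("host %r is not %r or a subdomain of it" % (host, expected))
        if expected in host or expected.split(".")[0] in host:
            # e.g. 'bank.example.evil.example' - the brand is only a prefix
            findings.append("host merely contains the expected name (lookalike)")

    return {"ok": matches and not findings, "matches": matches,
            "host": host, "findings": findings}


if __name__ == "__main__":
    # Constructed sample links: one legitimate, four deceptive
    samples = [
        "https://login.bank.example/account",
        "https://bank.example.evil.example/login",
        "https://bank.example@203.0.113.5/",
        "https://xn--bnk-pka.example/",
        "http://bank.example/",
    ]
    for link in samples:
        result = check_link(link, "bank.example")
        print(("OK   " if result["ok"] else "WARN "), link)
        for f in result["findings"]:
            print("       -", f)
```

The deliberate choice here is label-aligned matching (`host == expected` or `host.endswith("." + expected)`) rather than a substring test: `notbank.example` and `bank.example.evil.example` both contain the brand, and only the stricter check rejects them. The same logic is what a mail filter or browser extension applies automatically; the point for employees is to know what "the domain matches" actually means before they type a password.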


Matt Gross is an NCMM contributor and principal and founder of Mobile First Software, a focused consultancy that helps companies with mobile strategy, product design, product management, and application development. Circle him on Google+.