CEOs Beware: 3 Things Your IT Security is Missing

A Common Concern

A lot of companies are worried about security, and rightfully so after the big name hacks of the past few years such as Target, Home Depot, the IRS, and most recently online adultery site Ashley Madison. 

Threats are definitely out there, and no one is truly safe, but there are a number of things that companies are not doing that could easily help prevent a large scale intrusion. 

Here are three easy things that you can implement today that will make a tremendous difference in your organization's security.

#1 Proactively Monitor and Have an Action Plan in Place 

Target was the victim of a massive data heist which included 40 million customer credit card numbers. The funny thing about it was, six months earlier Target had implemented a comprehensive detection tool that cost them $1.6 million — the same tool the CIA and other government agencies use.

What went wrong? Not all that much actually.

The FireEye security tool detected the hackers' exploit tools and alerted the monitoring team in India, who then alerted the security ops center in Minnesota. The security team did not follow up on the alert. That was where Target failed to act, and if they had, the hack could have been avoided.

#2 Educate to Avoid Non-Technical Hacks 

Social engineering is the act of gaining access to your systems not with technical tools but with human manipulation. Hackers will trick people into breaking security procedures or divulging passwords or other pertinent information.

Social engineering is the biggest threat your company will most commonly face.

It’s important to let your employees know that all visitors, e-mail requests and phone calls should be met with extreme skepticism. Someone representing themselves as a handyman can be let in the front door, take pictures of sensitive documents with their phone, or make off with laptops, hard drives, or other important items undetected.

The same can apply to throwing out sensitive printed information without shredding it, or disposing of computer hardware incorrectly.

Also, employees should be reminded to lock their screens when they walk away, so that a passer-by does not get unobstructed access to their computers.

#3 Use Complex & Different Passwords

We all know how hard it is to remember all the passwords we have these days. It’s no wonder most people use a simple-to-guess, easy-to-remember password for all of their accounts, work or home. This is dangerous, as that password becomes a key to your business's front door.

A better option is to have your employees use completely different passwords for their work technology that cannot be tied back to anything personal. A password manager can assist with this, as they store your login information to all websites in an encrypted database that has a master password - the only password you need to remember. This allows long, unique passwords for each website. I recommend LastPass and KeePass.

Two-factor authentication is also a great deterrent, as you have to verify your login through a second means such as text, e-mail, or phone call.

Increasing password complexity is also important; your systems should follow standard guidelines. Passwords should:

  • Be at least 8-10 characters long; ideally longer (especially for administrative accounts)
  • Use uppercase and lowercase characters
  • Use alpha and numeric characters, including special characters (e.g. !?$£#@%)
  • Not be easily guessable, such as company names, pet names, etc.
  • Not be a word from a common dictionary (e.g. orange, computer, television)
  • Not have any part of the username in it
  • Not be shared with anyone
  • Be changed every 60 - 90 days
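To show what enforcing the list above looks like in practice, here is an added Python example that is not part of the original article: a small policy checker that reports which of the rules a candidate password breaks. The minimum lengths (10 for ordinary accounts, 16 for administrative ones), the tiny wordlist, the placeholder company name "acme", and the folding of common letter substitutions (so that "P@ssw0rd" is still caught as "password") are all assumptions chosen for illustration; the rotation rule is a process requirement rather than a property of the password itself, so it is not checked here.

```python
import re
import string

# Constructed sample wordlist; a real deployment would load a large dictionary.
COMMON_WORDS = {"orange", "computer", "television", "password", "welcome", "summer"}
# Constructed placeholder for the organisation's own name and products.
ORGANISATION_TERMS = {"acme"}

MIN_LENGTH = 10          # assumption: the article's "8-10 characters; ideally longer"
MIN_LENGTH_ADMIN = 16    # assumption: stricter bar for administrative accounts
SPECIAL_CHARS = set("!?$£#@%") | set(string.punctuation)

# Assumed folding table so simple substitutions do not hide a dictionary word.
_LEET_TABLE = str.maketrans(
    {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def _normalise(password):
    """Lower-case the password and undo common letter/digit substitutions."""
    return password.lower().translate(_LEET_TABLE)


def check_password(password, username, is_admin=False):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    min_len = MIN_LENGTH_ADMIN if is_admin else MIN_LENGTH

    # Length and character-class rules.
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special character")

    # Dictionary words and company terms, checked as substrings after folding.
    folded = _normalise(password)
    for word in sorted(COMMON_WORDS | ORGANISATION_TERMS):
        if word in folded:
            problems.append(f"contains dictionary/company word '{word}'")

    # No part of the username: split on non-alphanumerics, ignore tiny fragments
    # such as the "j" in "j.smith" that would match almost anything.
    for part in re.split(r"[^a-z0-9]+", username.lower()):
        if len(part) >= 3 and part in folded:
            problems.append(f"contains part of username '{part}'")

    return problems


if __name__ == "__main__":
    # Constructed sample candidates for a quick demonstration.
    for pw, user in [("P@ssw0rd1", "jsmith"), ("Summer2024!", "jsmith"),
                     ("Jsmith#Rocks2024", "j.smith@example.com"),
                     ("Correct-Horse7Battery!", "jsmith")]:
        result = check_password(pw, user)
        print(f"{pw!r}: {'OK' if not result else '; '.join(result)}")
```

The checker returns every violation rather than stopping at the first, which is what a self-service password change screen needs so the user can fix all problems in one go; the folding step is deliberately simple and will not catch every trick, so treat a pass here as a minimum bar, not proof of a strong password.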

Security is not something to ignore. Having a plan, being proactive and having important conversations with your employees can heavily reduce your security risks.

Contact us to learn how other companies are creating strategies to combat cyber-threats.