Cyber security is more about you than technology
Congratulations, you are now the key to something. You are absolutely essential — mission critical. Without you, it will fail. What am I talking about?
I’m talking about the level of cyber-security you practice and benefit from. Regardless of the amount of technology you implement to protect your business and the amount of expertise you hire, the human element, whether through malice or ignorance, can undo much of what those measures accomplish.
There is no denying that an abundance of “must have” tools and tactics is available to protect our systems – either from external malice or internal human error. Things like anti-virus/malware tools, firewalls, complex passwords, VPNs and backups do provide a baseline level of security and can protect us from ourselves.
But make no mistake, any of these measures — which generally comprise what most small businesses have put in place — will likely not protect you from an employee clicking on a link in an e-mail that delivers CryptoLocker to your system. CryptoLocker, by the way, is a form of malware that essentially commandeers your data and holds it for ransom until you pay the author to restore it. Good cyber behavior, built through education about potential threats, is absolutely essential to support your technology measures.
Now look beyond just the use of technology to the physical aspect of cyber security. None of the common measures mentioned above is likely to protect your company from the liability of an employee copying sensitive data to an external hard drive and using it outside your business for personal gain. Just as a door needs locks to keep out unwanted visitors, your business data depends on good physical security measures to manage behavior.
Another area where behavior affects security is in the ever-blurring lines between business and personal use of social media. Social media is increasingly a part of the online presence of businesses, and how they interact with their marketplace and customers.
Social media invites more direct contact with people digitally and therefore has its own set of things to be mindful of from a security standpoint. The person responsible for your firm’s Facebook account can, with a few taps of their finger on their phone app, greatly influence what people see (and think) about your company’s online presence. Same thing goes for Twitter.
Here are some practical steps you can carry out in short order to further protect your business from a cyber-security breach.
- Have an Acceptable Use Policy. Templates are all over the Internet as free downloads. One example is here. While a piece of paper does not automatically prevent behavior, it does provide you with the necessary legal leverage when behavior creates liability.
- Continually educate your employees. There is an abundance of resources available. Specifically, the Michigan Small Business Development Center has created a helpful site along with self-assessments and training around cyber security.
- Have measures in place from a physical security aspect — from the simplest locks on doors that should have them, to some level of auditing to ensure your data cannot physically leave your premises (assuming you want that). Almost all competent IT service providers will be able to advise you on measures that can be taken to protect your data.
Remember that how good of a cyber-citizen you and your employees are will go a long way toward ensuring that your business does not suffer from a cyber-security breach.