Employer training key to IT security
In the first West Michigan IT Report, Holland-based Worksighted anonymously surveyed a diverse cross section of IT leaders from dozens of local manufacturers, professional services firms, nonprofits, retailers and others. In addition to taking a pulse on business growth, the survey focused on five prevailing topics in IT: security, spending, cloud, business continuity and future trends.
The first topic we want to discuss is security.
The survey asked questions including:
- Has your system ever experienced hacking or a security breach?
- If your system has been hacked, how was it hacked?
- How many users are on your system?
Almost 45 percent of the companies surveyed have experienced hacking or a known security breach. Those companies ranged in size from single digits to over 2,500 employees. The report shows all companies across industry and size need to protect themselves from hackers.
Here’s what you can do:
1. Employees: While people are always your greatest asset, when it comes to security, employees also are your single largest vulnerability to hacking. Think of employees as the doors and windows to your business. Each one provides an opportunity into your business and your business information. The more employees you have, the more ways in there are for a hacker. In order to secure your business, each one of those windows and doors needs to be locked and secure. All it takes is one “unlocked” window for a hacker to get in.
The best way to secure your company is through employee training. Teaching your employees good habits and best practices can help protect your company. Training programs like KnowB4 offer free testing options to get a baseline measurement and offer training courses to keep your employees up to date on the latest risks and how to avoid them. Don’t forget to train new employees. Make computer safety a part of your onboarding process to ensure all of your employees are educated.
2. Multiple security layers: The second-biggest risk is depending on a single security layer. Businesses need multiple layers of protection to address a variety of threats.
Like we just discussed, employees are your biggest risk, and training them is the first layer of security. But you can’t expect training to eliminate all your threats; you need additional layers.
The second layer is securing the end-point computers. Companies need to make sure all of the machines are up-to-date on antivirus and software security patches. Be sure to have a plan in place to roll out the patches and updates on a regular basis. You likely won’t be able to rely on your employees to carry out these updates or restart their machines when necessary.
The third layer is a cloud security platform. About 75 percent of West Michigan businesses have some portion of their business on the cloud. Just like all your other information, you need to ensure your cloud platform is secure. Although the cloud is incredible for collaboration, from emails to remote employee access, the cloud has many security threats. The threatscape of the cloud is constantly growing, and cloud security platforms always are evolving to address new risks.
The fourth layer of protection is unified threat management (UTM). UTM is a security management approach that allows an administrator to monitor all security applications on devices through one place. This helps to keep all machines up to date and secure.
3. Recovery plans: If all else fails, you will either need an insurance policy or recovery plan, and we shouldn’t have to tell you which is the easier and faster path to get you back in business. Having a proper recovery plan could help protect you from ransomware, the most common hacking method according to our IT Report. More complex than just backup storage, your recovery plan should cover where you’re storing information, how much and how often you’re backing up.
Would your business fall apart if you lost a week’s worth of information or just a day? Knowing these numbers will help your company decide how often you need to back up.
Do you need information from years ago or is it obsolete? Storing all your information is great but can come at a high cost. Take a thoughtful approach to find the right balance of information.
If you’re unsure how to apply these tactics to your business, work with a managed service provider or your IT department to create a path to security for your business.
Matt Maines is chief technology evangelist of Holland-based Worksighted.