Are Your Security Systems and Employees Prepared to Fight off Potential Hackers?
November 26, 2019
By Jamie Rivette, CPA, CGFM of Yeo & Yeo CPAs & Business Consultants
How can you ensure that an appropriate cybersecurity system is established at your organization and verify that it is functioning effectively? Although you might not know every detail regarding IT security, as a business manager, you should understand your infrastructure and know if your policies and procedures are in place and working as intended.
Your organization is a target for hackers, especially if you have massive amounts of data stored on your networks, and if a lot of it contains personally identifiable information or other confidential material.
Properly implemented security controls can reduce the risk of human error, but not eliminate it. Humans remain the weakest link in any organization when it comes to security risk. Most security breaches occur because of an internal mistake. Often, we read reports of organizations that had to pay hackers hundreds of thousands of dollars to get their computer systems back, all stemming from an employee who opened a corrupt email.
Below are four key factors to determine how prepared you are.
Security risk assessment – The first step is to understand where the gaps are in your security and recognize vulnerabilities. This applies to systems, vendors and processes as well as people.
Common weak points: Wi-Fi access, hardware, software, and network equipment.
Security updates – one way to significantly improve your fight against attacks is to stay current with security updates. This should be done routinely and as soon as security patches are released.
Common weak points: These patches and updates need to be done on all devices and software. It takes only one missed patch on a device for the hacker to get in and compromise the government’s entire network, just like it only takes one “unlocked door” for a thief to enter your house.
Routine backups – One way to ensure you will not encounter data loss is to create regular backups and store them off-site. This is one of the cheapest and easiest ways to be prepared in the case of a ransomware attack or even a fire.
Common weak points: Backups should be done routinely and stored at a secure off-site location. The backups should be encrypted and tested often. Testing is necessary to verify that the information can be restored. Often, backups are made but never tested.
Education and Training – One of the biggest cybersecurity risks in any organization is its own employees. Cybercriminals are great at sending phishing emails that are specifically designed to get employees to click on a malicious link or release sensitive information. These types of emails look legitimate and are hard to detect.
Common weak points: Most organizations focus their cybersecurity initiatives on external threats; they should also address internal threats, namely their own employees. The most significant benefit comes from training employees on these threats.
One of the best ways to combat cybersecurity threats is effective training and testing. Educating employees on the types of threats to watch for is crucial in protecting your organization from cybercriminals. This training should cover the risks of downloading attachments from unknown emails, as well as how to identify phishing scams, ransomware, and malware. Sharing passwords, using networks that are not secure, and using flash drives are other risks that should be included in security awareness training. This training should be ongoing, and constant testing has proven to keep employees on their toes as well as identify where additional training and education may be needed.