Think fast: when’s the last time that someone you don’t know had physical access to your company’s building? And before you say “never!”—take a second to reconsider. Depending on the size of your company, chances are high that you’ve had repair and maintenance staff, friends of your employees, and even clients who you don’t know well at all come into your building. While the reasonable assumption is that all these folks were in your space for legit reasons, it only takes a few minutes for a hacker-in-hiding to do serious damage to unprotected data. We don’t want to freak you out, but, well, maybe we do, if it keeps you and your company safe from getting totally pwned.
Say What, Now?
For those of us born before, say, 1980 or so, the term “pwn” may be new, but ignorance is far from bliss when it comes to getting “owned” by hackers hell-bent on getting access to your company’s vital data. Last year, banks in London received a crash course in data security when someone posing as an IT consultant attempted to plant a small device designed to hack into their network.
While we often think of data breaches as something that only happens remotely, at the hands of faraway criminals, the unfortunate reality is that hacking tools are becoming more and more accessible, which means that the business of “pwnage” is booming. So, what can you do about it?
Secure Physical Access to Machines
Vigilance around your company’s computers, smartphones, and tablets is a great place to start when it comes to securing your IT systems. While an IT consultant firm can help you repair damage, and even prevent major hacks through routine monitoring, we can’t change your company’s culture overnight.
Being clear with your employees about the importance of maintaining strict protocols around technology use can help promote a culture of vigilance. When users are done at a workstation, they should be in the habit of always logging off. In addition, users should know the proper protocols for reporting any suspicious activity on their machine. If an employee sees something weird plugged into their USB port, the last thing you want is for them to ignore it or simply assume that “IT came by to do something.” Instead, employees should make like it’s the T, and say something if they see any suspicious-looking additions to either their hardware or software.
Your employees can—and should—be your first line of defense when it comes to cyber security, but, unfortunately, they can also be your worst nightmare. Take a good look at your retention rate—might you be growing an army of disgruntled employees without realizing it? Talk to HR about establishing exit interviews with every employee who is asked to leave or chooses to transition on. Exit interviews offer the opportunity for employees to air any grievances—and also give up any passcodes. The last thing anyone wants is Bob from accounting coming back to wreak havoc on your precious data.
Beware the Booming Business of Hacking
As our personal technology gets more and more complicated, it is clear that hacking is becoming a growing industry unto itself. Great news for amateur hackers, bad news for companies with a lot of secure information on hand.
Working with an IT consultant firm on a regular basis can help you stay on top of incoming threats, and will prevent you and your team from making the risky decision to go DIY on your cyber security. Do-it-yourself cyber security, you say, that sounds crazy! We agree, but unfortunately the marketplace does not. More and more devices and software are being sold with the explicit purpose of overriding security systems or existing protections, and some of it is even being done under the guise of user-friendly, helpful hints.
If you’re a parent who has attempted to restrict what your teen has access to on their smartphone or tablet, this may sound familiar. If you’ve ever looked into options to know how much trouble your kids are exposing themselves to, a quick Google probably revealed a whole new world of spyware options. There are countless choices for different types of “spy” software, all geared to “track/monitor/spy” at some level, from monitoring and pinning location, to copying pictures, text, email, call logs, plus the ability to turn on the phone mic to listen to conversations. These products offer a way to hack or break into the phone so your child would not notice that the phone had been altered. There are even services to assist non-techie lay people with support getting through the “modification” process. Hmmm…they say “modification,” we’re going to go ahead and say “hacking.” Tomato, tomahto?
In short, many companies have built a good business model on offering easy-to-use, “ethical” hacking options to check up on our friends and family. So can you imagine how business is going in the non-ethical camp? Here’s a hint: awesome!
Hacking companies have been able to move their product thanks to the proliferation of web-based retail. In other words—it’s easier than ever to buy digital thievery tools online. Devices like the “pwn plug,” which nearly devastated those banks in London, are being manufactured just like modern-day toasters. And not only is software for wannabe hackers available, but popular sites like YouTube are filled with friendly user reviews so would-be thieves can shop smart as they plan their next data breach.
Crime Might Pay, But So Does Vigilance
The ray of sunshine here is that for every hacking device and sneaky software company out there, they’re all only as good as your company’s ability to pay attention and be vigilant. Working regularly with a trusted IT firm to assess your vulnerabilities and monitor anti-spy software in real time is a surefire way to keep the crooks at bay. Understanding the reality of what’s out there can help you and your employees shift from a reactive mindset to a proactive approach. It’s much better to call in the IT support team before anything major goes down, and this proactivity will send a message that cyber security is an important issue, which will in turn help build up a culture of serious cyber safety.