Is your company secure?
Firewall in place. Check.
Virus and malware software implemented. Check.
Email and spam filters enabled. Check.
User password protocols in place. Check.
Employee training courses completed. Check.
Maybe not that easy…
Security has never been simple. There are lots of nuances to the checklist above. Keeping up with protecting your company’s assets, both physical and technological, has been a Red Queen’s race of running as fast as you can to stay in place, half a step in front of the “bad guys.”
Increasing ransomware attacks on local US government cities, police departments, and schools cost millions in downtime, data loss and in some cases, ransom. Just one click is all it takes. The cyber criminals exploit social engineering to lure company employees into taking that fateful click. Does your corporate security sink under its own weight?
Some companies have tried to accomplish a secure environment by locking down all the cyber doors as tightly as they can, adding additional security features every time bad cyber security news comes out. While this approach makes it harder for hackers to infiltrate the company, it also makes it harder for the company’s employees to work remotely.
Picture yourself about to give a demo at a convention or client site, and you just can’t log in to your laptop. You call the help desk and they can’t connect to your laptop at all. After they try everything (including logging in as you to the network), their solution is for you to ship the laptop back for a reset. Opportunity missed!
What happens when your company’s security is so strong that it keeps the users from getting their work done? Or the security protocols keep the help desk from assisting users and turn it into the helpless desk with support personnel resorting to breaking the #1 Law of Security – Thou shall not ask for a user’s password?
Inherent security vs. security theatre
Security theatre is investing in elements of security to give the illusion of comprehensive security, rather than solid practices that actually achieve it.
Inherent security. Are all the elements of your system (software + hardware + processes + people) committed to the tenets of inherent security? Is your security so onerous that company employees are circumventing it to actually do their work?
Companies with many remote employees may have figured out the trick.
- Recognize the balance between locking down tight and leaving door open enough to support your remote employees.
- Multiple layers of security, check systems that recognize when an employee is remote and may need different kind of security than when one is on location, connected directly into the company’s network. This is much like the fraud alert that credit companies enable … allowing access to your funds when they know you’re traveling. Looking for unusual activity or log-ons.
- Two factor authentication.
- Modern hardware that’s able to keep up with the best standards in security software. Yes, that means that your employees should be getting laptops with good processing power that can run anti-virus software and their productivity software at the same time.
So what’s a company to do?
- Backups. Tested backups. Backup drills. Practice what it will take to restore vital parts of the organization’s data.
- See something, say something. Train employees to immediately report suspicious emails. One person may ignore a phishing email, recognizing it for what it is, but a different employee may click on it. Empowering your employees to report suspicious emails (much like reporting suspicious posts on Facebook) may help IT stop the attack before it happens.
What’s the moral of the story?
Balance in security vs. productivity. Understanding that security is a changing landscape. To stay competitive and serve customers, companies have to contend with rapid technological changes: IOT (Internet of Things), the cloud, remote employees.
Dumas Software Services, Unique Solutions For Complex Problems
We bring our experience and balanced approach to your unique situation. Dumas Software Services has the knowledge, experience, and skills to help you navigate complex system problems and decisions. Please contact us today or give us a call at 770-753-9623.