Improving the security of a business requires an interconnected, organisational approach. This often means a sit-down meeting in which would-be sources of vulnerability are identified, and solutions posited.
Reviewing the situation
Often, the best approach at such meetings is not to think ‘how secure are we’? Questions like this tend to invite overconfidence and bias. A better approach might be to imagine that an attack has already taken place, and then ask everyone to independently come up with a plausible story about how it happened. Conducting this same review every year will allow you to constantly search for new ways of improving things.
Once we have an idea of the scale and shape of the problem, we can begin to see how it might be fixed.
Installing an AntiVirus
The programs which are commonly called ‘viruses’ actually come in a wide variety of shapes. Thankfully, there are antivirus programs which deal with all of these under the same umbrella. An antivirus package comes bundled with a long list of code fragments which have been identified as malicious. These are called ‘definitions’. Given that viruses are constantly being developed and discovered, it’s vital that this list is kept constantly updated.
Updating Software
The first step we can take is a free one. No piece of software is perfectly secure, and for this reason developers are constantly releasing patches which address new vulnerabilities. These patches are often released automatically, and so updating might be a simple matter of clicking ‘yes’. This is especially important where operating systems are concerned.
Physical Security
When we think of a cyber attack, we might think of a remote one. An attacker might well be sitting on the other side of the world; they might, on the other hand, walk directly into your office. Therefore, it’s critical that sensitive IT equipment is kept physically secure, too. Restrict staff access to computer resources, and limit the use of physical storage media like CDs and USB drives. If such a thing is unwittingly left where a third party can pick it up, then a security breach is possible.
Cultural Changes
There is little point in implementing expensive technological protections if they’re going to be undermined by the people using them. For this reason, it’s essential that employers instil a culture of vigilance throughout their organisation. This might mean providing the right education and leading by example. Passwords should be changed frequently, and guidelines should be issued so that staff can come up with appropriately robust ones. Security systems should be tested every so often by staging an attack.
Outsource?
A modern, interconnected business faces an ever-changing host of security threats. While the threat posed by spam is on the decline, other threats like DDoS attacks and unsecured devices are rushing to take their place. To give your business the best chance of staying abreast of developments, and being pro-actively protected, it makes sense to entrust your business’s security to an outside, specialist organisation like Redcentric Solutions.
