Security issues continue to make headlines, but does your business care? Are you using the common arguments: We’re too small to be targeted. We have nothing worth stealing. Security is too expensive. It’s too difficult.
We’re too small to be targeted: False. Everyone is targeted, directly and indirectly, and that includes your users at home. Attacks may be as seemingly benign as spam or as overt as active attempts at gaining remote access, but they are happening all the time to everyone.
We have nothing worth stealing: False. If you have a computer and a network, it is valuable to someone. If you take credit cards or keep employee data, invoicing, or any other data electronically, your value as a target is even greater. Even if an attacker is not interested in your company specifically, your employees, customers, and partners may lose trust in your business if their information is compromised.
Security is too expensive: False. The most likely and successful compromise someone can pull off today is going to be done through you or your people. Security education is both the cheapest and the most effective first step in a comprehensive security program. Basic network protection in the form of firewalls and monitoring is also cost effective for deterring constant automated network scanning that looks for common vulnerabilities. Basic patch management in the form of WSUS is provided free from Microsoft and takes a minimal amount of effort to install, configure, and monitor for keeping up to date with monthly Microsoft patches.
It’s too difficult: False. Security education can start with simple things such as emails to employees, signs, and awareness. On the other side, advanced network protection products can give your IT department point and click access to locking down your network and systems. These are systems that can be run by your existing IT staff with minimal extra training.
Movies and TV shows give a false impression of what is possible in the hacker world the same as they do with all genres. Hackers don’t write brand new programs in seconds to overcome a defense they didn’t anticipate. They don’t write specialized viruses to shut down alien space ships or take over corporate networks in seconds. Specialized exploits and attacks may take hours to months of research and coding to get right, and standard layered protections are often able to detect or prevent their harm if they are correctly implemented and monitored. Most attacks will take the path of least resistance. While it is true that you cannot protect yourself from every attack, there is a balance of prevention, detection, and risk that should be thoughtfully pre-determined by business leaders.
Do not give up before you get started.
Paul Comfort
Senior Systems Engineer
Chi Corporation
@PCComf
440-498-2300
