By Scott Youngs, CIO of Key Information Systems
When you hear about a security breach, you probably think something like, “The IT department must have missed something.” But increasingly, breaches are caused by factors outside of IT’s control. Today, a breach is just as likely to be the result of a devious email or an unwitting employee’s error as a breakdown in IT.
There are three types of vulnerabilities largely out of IT’s control, and they’re increasingly popular with hackers. There are also three actions you can take now to keep your company ahead of these threats.
Hacks That Catch Businesses Off Guard
An Action Plan For Prevention
Now that we’ve seen the challenges, here are three things you can do to prevent them.
There are technology solutions that can help determine whether a file is likely ransomware including anti-virus software, firewalls, and anti-malware detection. These technologies should absolutely be part of any security solution.
There are also non-technology solutions that help prevent disasters brought on by human error. First and foremost, education can prevent many of the cyberattacks brought on by hackers. Companies should require some sort of cybersecurity training as an onboarding process for all employees, which can include several “common sense” precautions.
Social hacking gets information from people — something technology solutions can’t prevent. So, thorough employee training must be a part of any security plan.
For example, it’s important employees know few, if any, legitimate companies will ask for confidential information over email. And, those that do certainly won’t mind if an employee takes an extra step or two to confirm everything is on the level.
Many scenarios like this should be presented to employees and updated as new threats emerge. Perhaps most importantly, this training has to be emphasized and taken seriously by everyone in the company. That means testing employees to make sure they understand and refreshing the training often.
Even companies with the best security technology and employee training will sometimes fall victim to an attack. Therefore, a solid disaster recovery (DR) solution and plan — including frequent, automated backups — is an absolute must so your company can get back up and running quickly after an attack.
The number and variety of security threats is mind-boggling. As these examples show, it’s no longer solely IT’s responsibility to keep a company safe from attacks. In addition to the technology solutions IT can implement, true security requires every single person to be vigilant and well trained.
Scott Youngs is the chief information officer of Key Information Systems, a regional systems integrator with compute, storage, and networking solutions and professional services for software-defined data centers. These competencies are tightly complemented by a full suite of data center capabilities, including private and hybrid cloud offerings, connectivity services, colocation facilities, and managed services.