October is National Cyber Security Awareness month and I'm slightly ashamed to admit that before stumbling upon a recent tweet, I was unaware of this. Lately, it seems we can hardly go a day or two without hearing about the latest successful hack costing a business money, decreasing productivity, embarrassment in the media, maybe even loss of customers, and the list goes on.
Although I wouldn't classify myself as a 'technical person', after 14 years of IT sales I'd like to think I have gathered some helpful tips that could be of some use. So, I give you my 3 tips to improve your IT Security:
#1 - Yes, it can happen to YOU!
Too often I hear people say that they don't believe their company is the type a hacker would target. A recent Ransomware attack was successfully perpetrated on a small village not far from Syracuse. I won't name them, but this village had several workers infected and paid the "ransom" to get their computers back so they could process payroll on time. How much did that cost the taxpayers you ask? Just a few hundred dollars. This shows attackers aren't always out to get Millions. They are content casting a wide net and reeling in lots of unsuspecting small fish who didn't think it would happen to them either.
#2 - Educate your users
By no means does this have to be an elaborate and formalized training session. I understand not every organization has the budget to fund such a program and honestly not everyone needs to. It's about awareness. Something as simple as making your users aware of IT best practices. For example, your IT providers Help Desk will never send an email asking for your password.
To give a real life example, an iV4 Managed Services client recently received an email that appeared to be from their CEO asking for an account number in order to complete a wire transfer. Fortunately, this employee was an educated user and knew this would never happen over email so they reported the email to iV4. You can spend all the time and money in the world hardening your infrastructure from outsiders but without educated users, it can quickly become a wasted effort.
Tip #3 - Be Proactive
Take the steps necessary to ensure you are secure not only today, but tomorrow, and the next day. If your company doesn't have security policies in place, create them. If you've never had an audit of your IT security, do it, even if it's done by internal staff. If you don't have the staff that can do this, hire someone. Ignoring and pretending this threat doesn't exist is a deadly game of Russian Roulette that many companies will unnecessarily pay the price for.
iV4 has successfully implemented security solutions for numerous clients, undeniably I vote you hire iV4, but even if not us, get someone to help you. It doesn't have to be a huge expense, and can be done in bite size chunks so it won't burden your budget.