(or your staff, or a guest, or your system)
Hacks occur daily. If it isn’t your iPhone, your marital cheating site, your Target and Neiman’s accounts, the OPM (Office of Personnel Management) for the US government or even the IRS, it’s your health care insurance or the hospital. Sure, it is great to have access to all the information and social sites on the global interwebs, but the cost is privacy and security. And we are only talking about the bad guys so far; the fact that Google indexes all your information about what you search, where you shop and who you connect with is a topic for another time.
And you know all this; we have discussed some strategies regarding daily IT hygiene as well as overall awareness and plans to keep your data secure in the face of so many threats. Knowing the weaknesses and chinks in your IT armour is essential to keeping your computer, and all that machine does for you and your clients, from being stolen, infected or otherwise wrecked.
The Truth of the Matter
The truth of the matter is that the single biggest danger to your security is not some strange guy hunched over the electronic glow of a screen, surrounded by fast food trash in Ukraine; it is someone in your office. Over 65% of IT security problems are the result of human mistakes and problems within the system. *
Sometimes it is a basic flaw in the security setup that you would never see until someone exploits it. Sometimes your system may be set up well, but laziness or unofficial ‘workarounds’ can create holes in your safety net. The insider threat of employee behavior is one of the most pressing security issues.
I am totally guilty of this: I use the same password for far too many accounts, PINs are written on little sticky notes stuck in various places, and sometimes I skip steps I really know I need to follow, but don’t. There are sites that I don’t always visit frequently and can never remember what their password requirements are, or how frequently they ought to be changed, so I let the computer store them.
And yes, my websites, email accounts and even Facebook have been hacked. Which we all know means emailing everyone, warning contacts of the danger and basically losing a good portion of your day.
OK, So What?
Knowing that internal processes are at least as important as tech in doing all you can to safeguard yourself and your organization is really helpful. Spending dollars on virus protection when there is no formal policy about bringing in flash drives or clicking on unknown attachments will not help.
Policy without practice or knowing why things must be done a certain way is only half the battle. Have a frank and open conversation about how you all work with computers and the internet. Be sure everyone who touches your machines and your data, on site or remotely, is accounted for and understands the behaviors you need to be as protected as you can be.
There are some easy-to-do and easy-to-remember ways to safeguard your data, your system and your sanity. Give us a call any time; we would love to help you.
310 282 6979
A few outside resources:
computerworld.com and Pluralsight are offering a FREE 9-hour course if you want to learn how to hack yourself.
MySafeId is a firm that provides ID protection and recovery (they have a nonprofit fundraising program for this as well).
Image credit: http://geekologie.com/2010/01/24/wtf-shark-knife.jpg