Recent Blog Entries WHOOP
Written by 9rules Blog on May 24, 2016
Every business and individual knows that it’s critical to secure investments of value. We all devote considerable money and effort in making sure that the other things in which we’ve invested remain in our possession.
Most businesses are well aware of the need for physical security. They dutifully install alarms, manage key issuance, and regularly update access codes. But cyber security can be woefully lacking, and a weak point in this system can be far more devastating than an unlocked door or unsecured piece of equipment.
As intense as the electronic security climate has become, it would seem that most businesses would be on point with security. But the fact is that many of them are not, and there are several main reasons why.
We Don’t Know What We Don’t Know
Physical security is immeasurably easier to evaluate. We all know that cash, electronics, tools, and inventory need to be locked up and carefully tracked. But electronic security is very different, because it involves intangible assets, and many managers have no concept of the particular vulnerabilities they have.
For example, many companies fail to set up appropriate virtualization security when they are involved in cloud networking. These are essentially electronic mock-ups of programs or web sites, fully functional and just a few steps away from use. Think of them as a prototype automobile, ready for use but just not in production yet. Now imagine how desperately the competition might want to get their hands on it.
But because virtualization feels internal and seems inaccessible, many managers don’t adequately secure it, and proprietary products are in danger. That’s to say nothing of employees within the company who might engage in corporate espionage in order to make money, gain inroads at another employer, or simply retaliate for perceived mistreatment.
Out of Sight, Out of Mind
A door left unlocked is easy to notice. Cash in the open grabs your attention. But networks without sufficient encryption or out-of-date password protection don’t draw as much interest. As long as everything functions normally, most employees are content to extinguish some other fire.
It’s this complacency that is most dangerous. Passwords can be hacked at any time, but the longer they remain unchanged, the better the chance that someone can break through. Your IT staff needs to stay on top of all security issues, including those that fade in the rearview mirror. Even older servers that aren’t used anymore can present a risk. They should be either transferred into new systems or reinforced.
The Treadmill Is Just Too Fast
In order to keep pace in an ever-more competitive business climate, managers know they need to implement new technology quickly in order to achieve the same advantages that other companies have. Social media in particular is in the midst of this hurricane. However, the combination of a short time frame and a steep learning curve leaves employees a little behind on the vulnerabilities and needed security processes of these new systems.
The cloud is a perfect example. Companies that didn’t begin utilizing it early on found themselves less efficient and slower in reacting than competitors who did so. As a result, mandates were issued and data began flowing into the cloud–all of which happened much faster than employees could learn to secure that information. IT personnel need to make it a primary focus to help all other employees understand and work with new technology, and they need to bring them up to speed quickly.
It’s impossible to avoid all threats. It may even be impossible to prevent all attempts at access. But criminals typically harvest the low-hanging fruit; that is, your security doesn’t have to be the best as long as it’s better than another potential target’s security. When you make every effort to stay a step ahead of others, you’re staying a step ahead of the criminals.