Fact: You or your business will probably get hacked at some point. Its not a question of if, it is a question of when and what you can/should do about this.
In today’s technology landscape, every business owner is responsible for securing some amount of data and every business owner is vulnerable to security breaches. This holds true whether you’re a large insurance company, non-profit or small family-owned construction business. To put the situation into perspective, consider the unusual situation of Gene and Lori Cate of Cate Machine & Welding–a small family-owned business located in Belleville, Wisconsin.
Every Computer is Vulnerable
Like a lot of small businesses, the Cate’s have an old computer in their back office. But there is one notable difference about the Cate’s computer–a few years ago, it was taken over by a collective of foreign hackers. This may sound farfetched but in fact, it is not as unusual as it sounds. One way hackers remain invisible is by taking over vulnerable computers owned by small businesses. The Cate’s computer was hijacked by Codoso, a collective of hackers for hire based in China who once took over the Forbes website. The group has also breached and attempted to breach the sites of U.S. universities, banks, airlines and other large businesses. For now, the Cate’s computer is now being monitored by intelligence to help prevent further security breaches nationwide. This means that while the Cate’s continue to weld products for clients in their shop, their old computer is busy helping to fight against security breachers. As a recent report in the New York Times observed, “The hackers use [the Cate’s computer] to plan and stage attacks. But unbeknown to them, a Silicon Valley start-up is tracking them here, in real time, watching their every move and, in some cases, blocking their efforts.”
What does the Cate’s situation illustrate? Put simply, if a group of hackers based in China can take over a dusty old PC sitting in the back room of a welding shop in Wisconsin, it seems reasonable to conclude that no computer online is entirely safe from hackers. Of course, the larger your company and the more desirable the data you have on file (e.g., thousands or millions of credit card numbers of social security numbers), the more likely you are to become the victim of a security breach and not simply a computer hijacking, like the Cates. The question, then, is how to prevent security breaches.
Training for Prevention
The number one way to prevent cyber security breaches is to train your employees. While it is critical to have specialized personnel on staff to manage cyber security issues in larger organizations, in organizations small and large, every employee is part of the cyber security solution. Among other key steps, your cyber security training should cover the following key points:
- Ensure all Employees Know their Security Roles and Responsibilities: From customer service representatives and receptionists to data architects, everyone has a role to play in your cyber security plan; ensure everyone knows their role and responsibilities.
- Ensure all Employees Understand and Apply Concepts of Confidentiality: Review which types of data must be kept confidential.
- Review Compliance Standards: Cyber security and compliance go hand in hand, especially in health care settings.
- Understand Legal and Regulatory Issues that pertain to information security in a global context: Understand how to safely transmit data when working with international clients.
- Develop and Implement Documented Security Policies, Standards, Procedures, and Guidelines: Have a clearly articulated cyber security policy/set of standards and ensure it is implemented across your organization.
- Make Cyber-Security Part of Your Recruitment Process: Train your talent managers to screen out potential cyber security risks during the recruitment process.
- Understand and Apply Risk Management Concepts: Train employees to identify threats and vulnerabilities, develop and implement countermeasures and report on suspicious activity.
- Understand and Apply “Threat Modeling”: Train employees to identify threats among contractors, employees, and even trusted partners.
- Develop and Manage an Organization-specific Information Security Education, Training, and Awareness Program: Determine appropriate levels of awareness, training, and education for your organization and ensure your plan is being implemented.
For more information and to start rolling out your cyber security training program today, see eLeaP’s information security awareness training program.