Stop Running your Business like it is 2001
This is more of a rant, but it has to be said. Too many of you are running your business like it is 2001. Your business might be growing, you are adding more relevant products, but your systems and your processes have not changed. Specifically, your security.
Let me give you some examples. A company has this amazing firewall that can process 1,000s of packets per second and a SIEM that is monitoring every server and workstation, but lo and behold, the helpdesk is saving all the passwords in an Excel document on the file server. Unencrypted.
You run a summer camp for disabled children. You have medical data unencrypted on your file server. You do have a firewall, but the firmware hasn’t been upgraded in 5 years.
You are the HR director and you keep all the HR records on your laptop. You occasionally scan documents and send them to the payroll company. Is your laptop encrypted? Does that big corporate scanner have a hard drive? Has anyone ever looked to see if that hard drive keeps the images from the scanner?
The problem with the above scenarios is that nobody thought the hackers were already in the system. If you expect hackers to be in your system, then you will be prepared for when that eventually happens. Because it will happen. Back in 2001 you only heard about attacks on big companies, and it was rare. Now, small companies get hacked daily. These companies are much easier to break into because their security is poor. Large companies have processes in place and security personnel who yell at you for leaving unencrypted passwords; they destroy hard drives when getting rid of machines, and they make sure data is stored in the proper designated places. Mid-sized and small companies will put some security in place, but don’t change their attitude about data security. Why? Because it is hard. Changing processes is hard. Teaching people how to use a password management system, and getting them to use it, is difficult. People have not accepted the fact that their company WILL get hacked. Every security person you talk to will tell you, it is not if you get hacked, it is when you get hacked.
It is time you looked at what your employees are doing with an eye towards information security. Ask yourself, if this data got out, how much damage would it do to my company? You will quickly determine what you will need to protect. Changing people’s processes on where they put the data and how they save it will be hard, but your bottom line might depend on it.
If you have questions on what steps to take to bring your business’ security measures into 2018, contact Thrive today.