7 Cyber-Security Layers
PC Pitstop VP of Business Development, Mike Schroll was quoted extensively in this great article by Peter Gasca for Entrepreneur.com.
Mike Schroll, the VP of business development for PC Pitstop, a creator of security and performance software, is a former hacker and made his living professionally hacking into and identifying vulnerable areas in the cyber infrastructure of large organizations.
Related: Don’t Wait for a Disaster to Interrupt Business. Prepare Now.
Schroll points out that several layers of cyber security exist, like an onion — both of which, if hacked, will cause many tears — and entrepreneurs and business managers need to be aware of all the layers to best protect a company’s cyber infrastructure from threats.
1. Social engineering
The first layer is protecting your company from attacks from afar. Hackers have been known to find general information about an individual online — we do, after all, share everything about ourselves on social media — and use this information to manipulate employees of companies, such as banks, to disclose personal and sensitive information. While these disclosures are a failure on the part of the employee, more often it is a systematic failure of the organization to train and emphasize security protocols.
Schroll suggest that you make certain you have stated security processes that are reviewed with your employees and tested often. Have a process to verify callers and never disclose passwords or other sensitive customer information.
2. Physical security
While you may believe your building and technology — and hence your sensitive information — is safe and secure physically, good hackers know “tricks” that will allow them to penetrate even this layer of security. Additionally, many business owners pay little attention to other physical aspects of their companies’ operations that pose a threat, such as leaving computers exposed or failing to destroy old hard drives.
As with other employees, these physical security breaches are not always an issue with the security personnel but rather the organization’s general security protocols. Schroll recommends that you encrypt your drives, leverage cloud backups, enclose any hardware ports exposed to the public, have old hardware disposed by professionals and use theft recovery software, such as Prey Project, on business devices.
3. Wireless security
Your wireless Internet also poses a threat to your company. We often forget that Wi-Fi signals can extend much farther than the walls of our offices, and a hacker with a good antenna can connect to your signal from far away. Once in your network, file shares without protection or computer accounts that have simple passwords become an easy channel for getting to other sensitive information.
Schroll says companies should be using WPA2 protocols, not the antiquated WEP or WPA. Additionally, your router password needs to be as strong as all other passwords. Never use a default password and make certain it is nothing that can be easily guessed (your company address, for instance).
According to Schroll, passwords are like underpants — they need to be changed often, kept private and never shared with anyone. The best passwords are long, use a combination of uppercase and lowercase letters, numbers and symbols, and are different across accounts.
Schroll suggests using phrases, which are easier to remember. For example, consider this famous phrase from the movie, Forrest Gump, “Life’s a box of chocolates, Forrest. You never know what you’re gonna get,” which would translate to a very effective password “L’aboc,F.Ynkwy’gg.”
While keeping track of all of these passwords may be overwhelming, consider a service, such as 1Password or LastPass to maintain and keep your passwords secure.
239 total views, 4 views today