What Employees Can Do

By Shane Caniglia  |  Posted 2012-07-18

According to McAfee Global Threat Intelligence, “malicious URLs, viruses, and malware have grown almost sixfold in the last two years, and last year saw more new viruses and malware than all prior years combined.”

In its latest report, Threat Predictions 2012, the global team of security experts at M86® Labs states that, “targeted attacks will increase next year with a higher level of complexity, exploiting stolen digital certificates, using zero-day attacks [software vulnerability exploits for which security fixes from the vendor are not yet available] and multi-stage attacks.” 

Security is an increasing priority at organizations worldwide, and it’s no longer confined to the server room walls. Instead, managing security and privacy involves everyone at your organization. But as threat levels rise and more viruses attack your systems, are you doing everything possible to control security threats?

What Your Tech Team Can Do

Let’s begin with your tech team and one of the most vulnerable areas: email. When people at your organization share corporate information by email, that data is often loosely secured. To better secure these communications, employ systems, hosted either externally or on-premises, that contain the project and its communication channels. Examples include ApolloHQ, BaseCampHQ, FreedCamp, GoPlanApp, Central Desktop and Yammer.

Also, you should implement technologies that scan all mailboxes and transports for keywords that may indicate an intellectual property breach—and monitor the data carefully. For file exchanges, use an outside file repository with a logging component, such as Dropbox or Google Docs. That way, you can track current and historic access to and use of each file.

If you are not already doing so, encrypt connections with SSL/TLS certificates whenever possible, and implement a spam-filtering system, such as SPAMfighter Pro, CloudMark DesktopOne Pro, Barracuda or MailWasher Pro 2012, to help protect against email viruses, spam and phishing attempts.

To control the distribution of and access to your intellectual property, consider using a Secure FTP service on-premises. This encrypts commands and data so that private information is protected while being transmitted over the network.

At the same time, implement firewalls and load balancers in front of your Web farm to inspect packets and connections from Website visitors. By doing so, you can optimize resources and avoid overload, while blacklisting offending visitors who try to infiltrate your system.

These are just a few examples, and you should always be looking for new ways to increase security levels at your organization. But this is not enough. While you can take all of the precautions necessary using the latest technology advancements, none of this will do much good if you don’t communicate security concerns and procedures with your entire organization. 

What Employees Can Do

While security issues may come as second nature to you, remember that employees outside your department are focusing on their core priorities and goals for the organization—not yours. With this in mind, create processes to educate employees about threats, viruses and security vulnerabilities within your organization. Start by setting up departmental meetings to discuss privacy issues and what all employees can do to help the company stay secure.

You may begin by reviewing Website and email processes. If you have a system by which you track everything your employees do online, be sure to let them know. This will cut down on unnecessary Web surfing, personal emails and other online activities that take away from productivity and pose a potential threat to the organization’s security.

Also inform employees about email attachments. While you may have systems running that do not allow potentially unsafe or private attachments to be opened, employees may be unaware of the risks involved.

Let staff know that you have security processes in place, but it’s up to them to carefully review attachments or run them through anti-spam software prior to opening them. Also, remind them to contact your department whenever they receive a strange email or know of a potential security breach.

Once the initial educational process ends, don’t stop there. Create an ongoing learning process to keep security top of mind. This may include monthly meetings or newsletters that review current threats and activities, the latest technologies the company has implemented and other important security notes.

New hires should be notified of rules and expectations at the beginning of their employment to prevent bad habits from forming that may jeopardize security. You may even consider creating contests or special events to build awareness about security and privacy issues at your organization.

While you can use all of the technologies available to avoid security threats at your organization, that is not enough. Your efforts are only as good as the people running and using the processes put in place. Without a solid team—and respect for each other and the business—breaches in security and privacy will undoubtedly occur. As a technology leader at your organization, it’s up to you to create practices that not only help increase security and privacy, but also inform and educate everyone involved on a regular basis.

Shane Caniglia is the director of technology at The Rich Dad Company. He can be reached at customerservice@richdad.com.