Is Your Business Security Good Enough

Kerry Butters

Computer security is an important issue for any business and it seems that hardly a day goes by without us hearing about another botnet, hack or malware attack doing the rounds. The most notable of late was a vulnerability in SSL certificates, and whilst there’s little evidence to suggest that hackers have taken advantage of the Heartbleed bug, it still brings to the fore the ever-increasing problem that is network security.

For businesses, securing the company network isn’t a particularly difficult task, nor is staff training, but many still don’t have adequate protection to ensure that company data, or even customer data, is safe.

According to a recent survey carried out by the Ponemon Institute, this is due to many enterprises lacking the tools to protect their information and “a disconnect in executives’ perceived value of data”. The study saw a huge 80% of IT professionals state that their company execs don’t seem to see the correlation between a cyber-attack and loss of revenue when it comes to stolen data.

Security is lacking all round

This is a worrying statistic, as security has to be a priority in this technological age that we live in. If customer data is stolen, firms stand to suffer not only a loss in business due to the spectre of a system audit, but also possible fines and even the loss of customer confidence. Even if it’s not customer data that’s stolen, the loss of sensitive data from within a company can have serious ramifications for the future.

The study also found that a large majority of IT professionals don’t feel that they are given adequate tools or budget to be able to effectively protect the network from an attack. Further to this, just 41% said that they believe they understand the threat landscape facing businesses today and a third of those asked said that following a data breach, they didn’t know exactly what data had been stolen, or how.

However, the research also found that board level executives are learning, as there was an increased understanding when compared to previous survey results. There also seems to be a lack of communication between companies and vendors, as 51% said that their solutions provider doesn’t let them know about the root cause of an attack after it has occurred.

6 in 10 firms don’t have adequate security

The study also found that six in ten companies don’t have adequate protection, which seems slightly unbelievable when you consider how newsworthy cyber-attacks have become.

“This global security report shows that the cyber-security industry still has more work to do when it comes to addressing cyber-attacks,” John McCormack, Websense CEO, said in a statement. “Security professionals need effective security measures and heightened security intelligence to keep organizations safe from advanced attacks and data loss.”

But does all of the responsibility lie with security professionals, especially in light of the above statistic? Not really. When it comes down to it, the security of any company’s data and that of its customers is the responsibility of the business. This means that it’s necessary to invest in enterprise-level solutions which should take a layered approach to security that includes hardware, software and staff training.

Training is a security must

Employees often lack enough training to understand how even the simplest actions could cause a security breach at work. Many examples of malware are capable of effectively taking over a machine to examine the company network and steal data, just because an employee has carried out an action as simple as clicking on a link.

Whilst this can be addressed to some extent with permissions on the company network which don’t give all employees full administrative rights, this isn’t completely the answer. Employees need to know the consequences of their actions and without training, they simply can’t.

Such basic training can easily be implemented at induction time, when a new employee first joins the company, and can be further reinforced with a strong company policy document. This could include:

· Information on data protection and what happens to the company if this is breached

· Social media at work usage policies (ban clicking on meme links and suchlike)

· How to deal with links and attachments in email

· What to do if they think they may have clicked on a malicious link

· General overview of computer security

· Strong BYOD policies for those using their own devices

· The use of open Wi-Fi connections to connect to the company network

Security is the responsibility of us all

Many consumers lack basic knowledge when it comes to dealing with malware, viruses and other attacks, especially on social media. However, if there’s something that high-profile attacks such as Conficker should have taught us, it’s that internet and network security is something that we all should have a vested interest in.

Conficker was a worm that appeared in 2008 which created a huge botnet that potentially had the ability to threaten the entire internet infrastructure. Now imagine the internet being taken down by a botnet, and the implications that would have for national infrastructures. We rely so much on technology now that Conficker really did have the power to create complete chaos.

But how much have we really learned from Conficker? If it’s true that only four in ten firms have adequate network security, then it would seem not very much. Governments have begun to address the issue on national levels by creating cyber task forces, and are working more closely with businesses to heighten awareness surrounding internet and data security, but is it enough?

Not really. Firms have to be willing to take action and that means that board level executives have to learn the importance and value of the data that they store. Added to this, awareness must be raised at all levels within a business if it is to successfully ensure that the network is protected.

For execs, this means listening to the concerns of IT staff, as well as educating themselves on potential threats and data loss. Ideally, a disaster recovery plan should also be put in place so that a company can quickly respond should the worst happen.

We all have a responsibility to ensure that the internet and our data are protected, and the only way that can happen is through education and the implementation of robust, enterprise-grade security solutions on the business network.

Is your company data secure? Whatever the size of your business, we can help to advise you on the best solution for you. Give us a call today on +44 (0)8450 740 530 to see how we can help you to secure your company and customer data and protect from attack.