At its core, cyber security is a people issue. Viruses don\u2019t magically appear in your company\u2019s system. They get there because of things employees do (or don\u2019t do), frequently without realizing it.<\/p>\n
Most people know the basic rules of cybersecurity: don\u2019t open suspicious attachments, don\u2019t click on suspicious links, don\u2019t give your bank account to anyone claiming to be a Nigerian prince, etc. But there are other ways people expose their businesses to risk, many of which are routine, seemingly harmless actions.<\/p>\n
Risk 1: Traveling Devices<\/strong> Laptops and thumb drives are routinely used outside your company\u2019s secure network. Sales reps take their laptops on sales trips and customer visits. Managers save files on thumb drives, so they can continue working at home. And while most businesses have decent firewalls, the average home network has expired anti-virus software, weak passwords, and kids who download things they shouldn\u2019t. In short, home networks are pretty vulnerable to malware. If a laptop or thumb drive picks up a virus and then goes back to the office, that virus can spread into the company network.<\/p>\n Risk 2: Mobile Apps<\/strong> Using outside apps for company business is like handing your wallet to a stranger. You have no control over how your information is used, stored, or protected. If anything happens to the app\u2019s publisher, your information is up for grabs. For example, in June 2017, the password management app OneLogin was hacked, giving the criminals access to thousands of people\u2019s user IDs and logins. When employees give third-parties access to their company email, financial data, and passwords, that information is less secure.<\/p>\n Risk 3: Outdated Software<\/strong> To be fair, newer software also has security flaws. New products, however, are routinely updated with security patches to repair the holes. Here\u2019s the catch: in order for the security patches to work, end users have to install them. And end users, it turns out, aren\u2019t great about installing updates. The Equifax hack was traced to a known security flaw in a common web program. Even though Equifax was alerted to the issue, they waited months before taking action, giving hackers plenty of time to work. Had the company been more proactive, they may have been able to prevent the entire fiasco.<\/p>\n TWO WAYS TO IMPROVE SECURITY<\/strong> Create a Cybersecurity Policy<\/strong> <\/p>\n The policy should also include an employee-specific section that explains how the policy affects them. This might include rules regarding the following:<\/p>\n <\/p>\n While documenting your policy is important, documentation alone won\u2019t lead to change. You need to actively engage with employees around this subject. Have educational sessions about cybersecurity. Explain the different ways hackers may attempt to attack your business, and teach employees to identify suspicious messages. (This is useful knowledge for their personal lives as well!) Describe the changes the company is making to improve security and their role in these changes.<\/p>\n Change Your Infrastructure<\/strong> A lot of businesses don\u2019t trust the cloud. They want to have physical control over their technology because it feels safer. But private servers are actually the riskier option (unless you also have a full-time cybersecurity team). Keeping your data on a private server is like keeping your money in a shoebox. It\u2019s physically in your possession, but if a criminal breaks into your home, the shoebox is easy to steal. Using the cloud, on the other hand, is like keeping your money in a bank. You still have access to the money, but if a thief breaks into your home, there\u2019s nothing for him to steal.<\/p>\n So, what\u2019s to keep viruses from getting into the \u201cbank\u201d? In a word, resources. Cybersecurity is expensive, which is why most businesses only have the basics. Data centers, however, invest heavily in sophisticated security tools and anti-virus software. They also provide 24-7 monitoring by cyber-security experts who constantly walk the (virtual) perimeter, checking for weaknesses and suspicious activity. Let\u2019s go back to the shoebox vs. bank analogy. Your only way of protecting that shoebox is to lock your front door. The bank, on the other hand, has locks on the door, cameras in the ceiling, and German Shepherds patrolling the lobby.<\/p>\n Cybersecurity can seem overwhelming, especially if you don\u2019t have a technology background. But when you approach it as a people issue, it\u2019s a feasible project for any business to tackle.<\/p>\n This article originally appeared in Building Products Digest.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" At its core, cyber security is a people issue. Viruses don\u2019t magically appear in your company\u2019s system. They get there because of things employees do (or don\u2019t do), frequently without realizing it. Most people know the basic rules of cybersecurity: don\u2019t open suspicious attachments, don\u2019t click on suspicious links, don\u2019t give your bank account to […]<\/p>\n","protected":false},"author":2,"featured_media":3161,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[97],"tags":[],"class_list":["post-3078","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article"],"acf":[],"yoast_head":"\n
\nComputer viruses spread kind of like human viruses. A cold virus spreads when a sick person comes into contact with a healthy person. When a computer virus gets into a network, it spreads into devices that connect to that network. If an infected device connects to other networks, the virus spreads again. This is why traveling devices such as laptops and USB thumb drives can be security risks.<\/p>\n
\nMobile apps can legitimately improve productivity at work. With so many free options to choose from, people are building personal libraries of apps to track expenses, streamline their inboxes, and manage their passwords \u2013 all from their phones. While these apps are highly convenient, they can also make company information more vulnerable.<\/p>\n
\nNew software isn\u2019t always a huge priority for businesses. \u201cI know the program is 10 years old,\u201d the thinking goes, \u201cbut it still works. Why should we pay for something new?\u201d The current generation of software programs aren\u2019t just faster and better, they\u2019re also more secure. Older software is often full of well-known security holes, which makes businesses running these programs attractive targets for hackers. For example, the WannaCry virus exploited a weakness in Microsoft Windows 7, an old operating system from 2009. Computers with the most current version of Windows were not vulnerable to the virus.<\/p>\n
\nViruses, hackers, and software patches are all technology issues. But taking a laptop home, using outside apps, and ignoring security updates are all people issues. If you really want to improve cybersecurity, you need to address human behavior. (And, because humans aren\u2019t perfect, you need a contingency plan.)<\/p>\n
\nA cybersecurity policy is more than telling employees they can\u2019t look at Facebook. It\u2019s a proactive plan for how the business will protect its network and respond to security breaches. Some things the policy might include are:<\/p>\n\n
\n
\nChanging employee behavior is important, but there\u2019s no way to make any system 100% human-proof. People will make mistakes. This is why the second course of action is changing your infrastructure. More specifically, stop using an in-house server and move your data to the cloud. Using the cloud won\u2019t stop employees from opening a corrupt file, but it does protect your data in the event a breach happens.<\/p>\n