Even though we’ve never met, there’s at least one thing we can say about you with almost absolute certainty: you’ve been hacked. Even if you never go online, don’t have a Facebook account, and make every attempt to live ‘off the grid’, it’s likely that at least some of your personal information has been compromised at some point.
Whether you’re a paranoid (read: sensible) individual looking to safeguard your personal computer, the IT officer of your local library, or the CTO of a major multinational, security is a major concern these days. The following ‘hats’ are a combination of specific roles, software, and processes by which you can keep your system secure.
Security by Design
Exploiting servers, computers, or multimedia devices that connect to the internet don’t require a high level of expertise or know-how. There are many tools that are readily available for the so-called script kiddies to download and easily implement by following a simple set of rules. This is it is desirable for products and services to be built secure by design; in other words, the device or software has security as one of its main and most important features right from the get-go.
If you’re not sure whether your chosen product or service is secure, ask them. Using an older piece of kit that’s no longer supported? It may time to ditch it. Hackers are aware that older systems are extremely vulnerable, with ransomware attacks such as Petya and Wannacry specifically went for the outdated Windows XP operating system.
Security measures usually center around software solutions. However, it’s also worth thinking about securing your physical drives as well. For example, if your servers hold sensitive data, don’t make it easy for a would-be hacker to open up your device without having to lift a finger. Invest in surveillance, a locking system for the chassis if your unit, or a security chain for your laptop.
Perhaps the most undervalued aspect of computer security is penetration testing. Whether you’re the IT officer of your local library or the CTO of a major multinational, penetration testing is an integral part of keeping your servers (and corresponding data) secure.
Penetration testing is also known as ethical hacking and it involves the attempt to find the failure points of your system by hacking into them. Exploiting these weak points will allow you to fix your system before hackers can wreak havoc on your business.
Effective security measures can be summarized as follows: preventing the threat, detecting the threat, and having a response mechanism in place to deal with a breach. It is critical that your organization has all three bases covered.
For example, ensure your user accounts are protected with the necessary firewalls and antivirus software. You should have a robust detection system in place, giving you instant notification of any attacks on your system, even if they are not successful. Should the worst happen, you should have a document in place that outlines exactly what you should do in response.
Training Your Staff Members
Data breaches are often caused by carelessness or just simple ignorance. The best antivirus software isn’t necessarily going to stop user mistakes. To strengthen your system security, ensure staff members are aware of what to avoid. You can do this by:
- Holding security briefings on a regular basis. Cybersecurity advice usually goes in one ear and out the other. Emails with security warnings are usually sent straight to the trash folder. To avoid this issue, ensure you run security meetings as often as possible (without annoying everyone!).
- Stick to the basics. Don’t overload staff with technical jargon or things they never have to worry about anyway (that’s what your IT department is for). Just provide the necessary information in an easy-to-digest format.
- Keep it personal. People listen once it becomes personally important. Engage your staff by making them aware of the threats to their personal data. For example, give them a link to this website, which allows users to check if their personal details have ever been hacked.
- Testing. Make sure your employees are actually listening to the security spiel. We’re not talking a timed test under exam conditions, but ensure you test staff members once class is over.
- Hire a professional. Comprehensive training on the subject of security should be handled by a trained professional. Your regular meetings can easily be led by your IT officer, but try and run a qualified course every six months if possible.