image-thief-on-computerIn my last post, I identified the need to protect your business from information theft.   In my humble opinion, most small-medium business don’t pay sufficient attention to this risk.    Here are some interesting statistics about cybercrime’s wide reach:

1 in 6 – Number of companies where employee fell for a simulated phishing email scam
$5.9 million – Median annual cost of cybercrime per U.S. company
47% – Number of U.S. small businesses that provide cybersecurity training to employees

The good news is that your security system doesn’t need to be perfect but rather, it just needs to be better than most.  Routine maintenance, such as keeping up with security updates and patches, can make a big difference.  The cybercriminals are continuously testing your digital “doors and locks.”  By simply upgrading the “locks” and actually using them can cause the criminal to move on to the next “house.”   With new clients, we frequently find that they have security devices such as firewalls in place but they have completed opened them up for convenience or without understanding the implications, essentially leaving the doors unlocked to their business.

Here are 3 simple steps to consider:

  1. Know where your information is and who can access it.  It used to be easy–everything was on the computer at work in the office and that was it.  Now with laptops, smartphones, and tablets, workers are accessing information remotely and easily.  With more and more data stored on the cloud, the actual server location is often unknown.  While mobility and cloud computing have many benefits, they greatly complicate the task of securing data.
  2. Test by attacking your own IT network.  Quite often, it is assumed that simply implementing the protective systems is sufficient.  But if you don’t test them, how can you know they are secure.  Try simulating the ways someone might try to breach your security.  It can uncover serious gaps.
  3. Expand your scope.  It’s not just about hacking.  Physical security and personnel are important too.  Your IT security may be bulletproof but it someone can walk into your building and take information the old fashioned way then your failed.  If your network and physical security are good but you’re not doing background checks, you could inadvertently hire someone with ties to organized crime.  Now you’ve got a big problem.  Your security approach must be comprehensive.

At IT Radix, we’re here to help you with all three of the above.  We’ve seen clients fall prey to all of the above.  But, together with a proactive approach, we can better protect your business from information theft.