A lack of IT security is a serious problem for your company. However, by proactively defending your company’s network and devices from threats, you set yourself up for success. Here are five simple ways to boost security across your company.
Limit physical access to servers
In 2015, 30 percent of data breaches were caused by employees—whether by accident or intentionally—due to a lack of internal controls. In order to prevent security breaches internally, take some time to limit access to different servers, applications and information. Work with department heads to understand who needs access to sensitive information and set up security protocols that allow access only to those who are authorized. Don’t forget to include third parties like vendors or service partners in the equation: these partners may have access to sensitive information via a side door.
Prohibit Wi-Fi connections to unapproved devices
This is a quick fix to many issues involving both unapproved devices and unsecured networks: by limiting device access, you make it much harder for a hacker to get in through your Wi-Fi connection. As we’ve discussed, connected devices can act as a gateway for hackers to get into your network. And when using devices over unsecured networks, employees might save company information that’s then easily accessible to third parties.
While prohibiting certain devices from connecting can be difficult, especially if your company follows a BYOD (bring your own device) model, there are certain simple steps you can take to make it easier to control security. See if there’s money in the budget to provide employees with phones and computers that come with security settings in place. If not, ensure your Wi-Fi is password-protected and that the password changes often.
Perform code obfuscation
One of the best things about working in IT is how often you get to say the word “obfuscation”—it’s one of the little things that make the job great. Code obfuscation is the act of making source or machine code more difficult to understand, and thus making it more difficult to reverse engineer and hack.
Take a moment to review what languages your most essential applications are written in and run a corresponding code obfuscation program to make them more secure. As a note: most Android applications are written in Java, which, because it is compiled into bytecode in a class file, is easier to hack than C/C++ applications. A code obfuscation program like ProGuard can work for Java class files, but we recommend you combine this process with other methods of heightening security.
Conduct an internal phishing campaign
Get a sense of your employees’ security prowess and check the effectiveness of any awareness/education programs you’re running by conducting an internal phishing campaign. Phishing involves misleading a target into giving out information to an unauthorized person. In an internal phishing campaign, you purposely send out such a message to your employees and take note of how many people click the link, give away information or report the link and follow the proper protocol.
Don’t get the wrong message: we’re not suggesting you scam your employees! Instead, use an internal phishing campaign to take note of how security-savvy your employees are and add urgency to your security education efforts. You’ll help everyone in the company become an ally, not a liability, in your fight for security.
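To turn those notes into a baseline you can compare between campaigns, here is a short Python script that tallies the three outcomes above per department. It is an example added for illustration, not the output format of any particular phishing-simulation tool: the CSV columns, event labels and addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export, one row per event; column and event names are assumptions.
SAMPLE_EVENTS = """recipient,department,event
ana@example.com,Finance,delivered
ana@example.com,Finance,clicked
ana@example.com,Finance,submitted
ben@example.com,Finance,delivered
ben@example.com,Finance,clicked
ben@example.com,Finance,reported
cy@example.com,IT,delivered
cy@example.com,IT,reported
dee@example.com,IT,delivered
eli@example.com,Sales,delivered
eli@example.com,Sales,clicked
eli@example.com,Sales,clicked
"""

def summarize(events_csv):
    """Return per-department counts of recipients, clicks, submissions and reports."""
    seen = defaultdict(set)  # recipient -> set of events (repeat clicks count once)
    dept = {}
    for row in csv.DictReader(io.StringIO(events_csv)):
        who = row["recipient"].strip().lower()
        seen[who].add(row["event"].strip().lower())
        dept[who] = row["department"].strip()
    stats = defaultdict(lambda: {"recipients": 0, "clicked": 0, "submitted": 0,
                                 "reported": 0, "reported_without_click": 0})
    for who, events in seen.items():
        s = stats[dept[who]]
        s["recipients"] += 1
        # Submitting data implies a click even if the click event was not logged.
        clicked = "clicked" in events or "submitted" in events
        s["clicked"] += clicked
        s["submitted"] += "submitted" in events
        s["reported"] += "reported" in events
        s["reported_without_click"] += "reported" in events and not clicked
    return dict(stats)

def rate(stats, key):
    """Company-wide share of recipients with the given outcome, as a percentage."""
    total = sum(s["recipients"] for s in stats.values())
    return round(100 * sum(s[key] for s in stats.values()) / total, 1) if total else 0.0

if __name__ == "__main__":
    result = summarize(SAMPLE_EVENTS)
    print({k: rate(result, k) for k in ("clicked", "submitted", "reported")})
```

Counting each recipient once keeps a single employee who clicks repeatedly from inflating the click rate, and tracking reports separately from clicks shows who followed the proper protocol without touching the link.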
Double down on educating employees
The best way to keep your company safe is to ensure that everyone knows how they can do their part to boost security. While phishing campaigns can give you a baseline read of how much employees know, it’s essential to supplement that with ongoing educational programs to inform employees about how they can keep their devices secure. Your education plan can take many forms, but here are a few things in particular to cover:
- What applications and information employees can install and keep on their work computer
- Good password practices (someday, you will convince Karen from Finance to change hers!)
- How to identify suspicious links
- How to back up their work
- How to report a potential security breach
With just a little elbow grease, you’ll be in good shape to combat the security risks of today and tomorrow. Now on the blog, we’ll be switching topics to something a little more fun: saving money. Check back here in May for more on how to reevaluate your processes and your devices to save cash and work more efficiently.