Not a fiscal quarter goes by without a major security breach of some sort being showcased on the news. Whether it’s Target or Heartbleed, these breaches can potentially cost millions, even for a small business. PCI/SOX/HIPAA infractions, for instance, can be very costly, very quickly. A small dentist’s office, for example, is an easy target for very elementary attacks.
The Ponemon Institute reports that “75% of healthcare professionals put their own employees atop the list of security concerns.” The report later states that 80% of security breaches are due to ignorance and neglect, and that over 90% of healthcare systems have had a data breach of some kind.
The solution is an entirely new way of thinking. Integrating different fronts as well as internal systems to combat threats makes it more difficult to breach and obtain information than simply adding more layers. Here are three of the best ways to protect your office (besides keeping your software and firewalls up to date!):
Lock USB drives and issue password-protected flash drives specifically for work. This is a very cost-effective way to reduce exposure, and while it’s not foolproof against a rogue employee, it provides an effective first-line defense against someone who doesn’t belong in your office. Furthermore, a breach onto your LAN can be disastrous. A USB drive plugged into the intranet, even by a well-intentioned employee, bypasses security and can exploit the server(s) before there’s any indication of trouble. To be blunt, most people in America are not IT personnel and don’t understand this risk. You have no idea what’s on your employee’s flash drive. They may not, either.
Tokenization (and VPN) can mitigate risk considerably. While it may not necessarily stop a breach from happening, it is much safer in many instances than encryption, because a token cannot be “cracked” like an encrypted database can be. Once the key is identified on an encrypted database, all encrypted data is stolen. Tokens, on the other hand, are completely random and must be sent to the original database to retrieve the mappings in order to be of any value. Hence, tokenized credit card numbers are worthless to a hacker, but an encrypted card has value.
Secure mobile devices. This cannot be stressed strongly enough. Mobile devices should have a VPN client, and their ports should be guarded carefully. If you have employees who travel frequently, consider a broadband card for them, so they’re not sending information from their phone (which is, of course, allowed through your exchange service) over an open, unprotected Wi-Fi network while waiting at the airport or at Starbucks between sales calls. Spoofing an SSID is child’s play; anyone can do it with a Wi-Fi enabled cell phone.
There are thousands of ways that hackers can infiltrate, hack, draw out and steal information from even the most well-protected sources. Most attacks are preventable by using very basic protection; however, such attacks are rarely aimed at businesses. Security is something that can never be overemphasized, and it requires a fully integrated approach rather than the traditional pattern of layering encryption on top of encryption.
Regardless of where your business is in terms of security, we can help. At Cutting Edge Recruiting Solutions, we retain the elite IT talent in Miami. While based in Boca Raton, FL, we serve client companies across the nation. Contact us today to see how we can help with all of your IT staffing needs!