How does a Business Owner Insure IT Security with Employees?
Having worked in the technology field for many years, I’ve developed a certain perspective regarding the security of technology devices in my office and in my home…and frankly, I’m not sure if it’s “healthy” or “unhealthy”. Here in my office, if I take a look at the devices connected around me, I see a computer with connections to internal resources as well as external Internet- and cloud-based resources; I see a little USB drive hanging off my computer; I see a smart phone with all sorts of applications loaded on it; I see an IP-based phone, with voice mail, and all sorts of other capabilities. At home, I have a cable modem, a little wireless router, a few cable boxes, telephones with voice mail service, and a couple of smart appliances. Although all of these devices are either essential for me to be able to do my job…or help make my time at home be more convenient and enjoyable, I can’t help but think they all have one thing in common…and that is all of these devices can be hacked!
The simple truth is that if you can plug it in, or connect it to a “network”, your device, no matter what it is, can be taken over by someone else. And the truth is that someone doesn’t have to be an experienced hacker to do some serious damage…either on purpose or by accident.
Frankly, I’m a minimalist when it comes to technology…I want to turn things on and have them work. I don’t need every fancy attribute, but I expect that my equipment will work, and I don’t need any hassles with hackers. Part of what makes new technology so exciting is that, unlike the old days, it works right out of the box. Now any “non-techie” can download just about any application very easily, and it just works. However, with this “tech world” being more accessible, it also becomes more problematic…and the hackers love it!
Take a look at a quick list of devices that “experts” think will be vulnerable over the next few years as the Internet of Things becomes more widespread. Here are the pretty obvious items: smart phones; smart watches; office computers; tablets; home computers; the cloud (services, storage, software); ATMs at banks; printers; GPS devices; Wi-Fi routers; web cams; thumb and portable USB drives; cable box or DVR; voice mail (especially those with a global call-in numbers that don’t lock out after successive failed attempts)
But how about these “less obvious” items…these might be the “hack-able” devices of the future: power strips (today, they can be infected with malware); power cords for your devices (software code can be implanted now); luggage trackers (such as the Trakdot); connected glasses (Google Glass); gaming consoles: PS3, Kinect, Nintendo; refrigerators (such as Samsung); cars with computer operating systems; smart pens (like the Livescribe); gesture control devices (such as the Leap); cameras; smart alarm clocks; coffee makers; key fobs; light switches; moisture sensors; traffic lights (MIRT transmitters can change lights to green in two to three seconds); highway signs that spell out text And I didn’t even mention medical devices, which are frighteningly exposed to hackers.
The proliferation of all this technology creates a constant need to keep devices updated and secure. For small- to medium-sized business owners in particular, where your internal IT support may be minimal and less-experienced at best, you are uniquely vulnerable. Experts believe the most vulnerable device in any American house is the cable box, because it is so rarely updated. However, if a hacker takes out your cable box, the damage is pretty well contained…hopefully. Yet, if a hacker takes out your company’s server, or critical workstations are compromised, it could bring your company to its knees, and potentially put you out of business.
If what I’m saying makes you uneasy, you’re not alone. So how should we think about our constant vulnerability? Whether it’s “healthy or unhealthy”, I make a daily assumption that everything I do is hack-able. I have an awareness of potential vulnerabilities, and I’m trying to develop an evolving set of street smarts…all business owners should as well.
For example, when you’re traveling and working on the road, consider carrying your own Wi-Fi hotspot. You can use a secure virtual private network (VPN) to send and receive email, and to access content that you have stored in the cloud. (Truth be told, that network can be hacked too, but at least your IT person or your managed services provider can watch the logs of what information is coming and going, and attempt to fight off intruders.)
Another good rule of thumb is to keep your network cloaked, meaning, don’t name it “Joe’s Hotspot”, if your name is Joe Smith. As a managed service provider who performs regular network assessments for prospects, we routinely look at networks, and are astonished to see how many people use their own names or the names of their companies in their naming conventions. One approach is to change the names of all your devices to your mobile phone number. That way, if your laptop is lost or stolen for example, someone will see a phone number rather than your name, and perhaps there will be less of an incentive to poke around your machine to see what’s there.
Another idea is to use passwords that are easy to remember, but difficult to crack. Experts say you’re best off with a long phrase that also includes numbers and at least one capital letter. For example, something like “Iwant99pizzasand12sodasfordinnertonight” is actually more secure than “Gx1U2y,” because the algorithms that are used to crack passwords have to process many more computations when the password is longer. Speaking of passwords, as much of a pain as it is, please change them regularly…weekly is recommended. It should go without saying that each one of your networks and devices should have a different password. When was the last time you changed yours? Since I know you’re wondering: there is no workaround for this and no way to short-cut the management of your own passwords. Again, another function you could look to your managed services provider for assistance.
Another good rule is to turn off your peripherals when they’re not in use, including printers. Same goes for nonessentials on your network, such as additional computers, game consoles, and the like. The more things you have plugged in, the more opportunities there are for penetration. Be cognizant of who’s plugging “what” into your network. An innocent-looking thumb drive can destroy your computer within seconds…scary.
The good “healthy” news is that the “tech world” is open to all, offering fantastic business opportunities “in the office”…not to mention that it teach kids how to use and control the many devices that are undeniably tied to their futures “at home”. The truth is that open networks are vital to innovation…however, the “unhealthy” truth is that they aren’t totally secure…and probably never will be…
It is incumbent upon a business owner to insure himself that as his company data is proliferated over smart phones, home networks, everything remains secure! ANP can help you evaluate if in fact you have everything secured, what happens when an employees laptop or smart phone is stolen; can your company wipe off the data? ANP can help, check out our free network assessment below.