No one is safe from cyberattacks -- not even companies that use the strictest security measures. The reason behind is this is because of people, also known as the “human factor.” That means even when companies have layers of security in place, if the people working are targeted by attackers via social engineering or an employee chooses to do harm to the company, there are no simple answers.
Here are some other ways of looking at this that can help with the problem. Now, when you look at the total security picture, a few things ring true again and again. For example, one of the weakest links in a company is its corporate email, but that doesn’t mean you need to stop using emails in your operations in the hopes of protecting your assets.
Here are some steps to protect corporate email:
Back to basics
Companies need to implement policy-based email solutions to protect themselves from outside threats. This type of solution encrypts email and detects when an employee used specified keywords and attachments as well as number patterns. This prevents sensitive company information from getting out. On modern platforms, the effort to integrate encryption can be quite easy. You can utilize special services or look at advanced features on other mail systems. For example, if you look at Office 365, you’ll see that it provides an integrated mail encryption feature.
Let’s be honest, most employees use their computers at work to surf the Internet when no one’s looking, and this could lead to problems in your network. They can fall victim to phishing scams that are often not detected by your network’s security. The source of this phishing can also come in the form of email, on social media, even on your phone. Your helpdesk people will quickly testify that phishing is either a concern or a problem on daily basis. As such, employees can be tricked into clicking on legitimate looking links and this could lead to malware getting into the network. To prevent this from happening, it is crucial that employees are trained and informed regarding the potential hazards of clicking on links or opening emails from unknown sources.
Keep an eye on mobile devices
You can count on the fact that your employees are using their smartphones throughout the day, and these devices can be used against the company. It can be used to send sensitive information outside the office or connect to the network and unwittingly unleash danger within your network. Worse, these mobile devices that may contain sensitive information can easily be misplaced or stolen. The enterprise should take time to reiterate to their employees the importance of mobile security -- the use of passcodes, autolock, two-factor authentication, avoiding unsecure WiFi connections, turning on Bluetooth only when needed, the use of VPNs when connecting to the company network, among other things. Better yet, the latest generations of mobile device management tools are easy to implement and can address (and enforce) numerous elements of mobile security.
The next time you are called in to an executive’s office to address your security concerns, drop these points of information on them. You can never be too modern on mobile security, training, or protecting sensitive information through communications.
Photo credit: Pexels