Cyber security is a complex, highly technical subject that is best left to the Asperger-nerd in the computer room battling against the pimply-faced hacker sucking down Mountain Dew in his mother’s basement, right? It’s a cat and mouse game that pits the white hats against the black hats, the antivirus computer scientists against the hackers, right? It’s certainly not the realm of the average small business owner, right? Wrong, wrong, and wrong!
What if I told you that human error was more responsible for data breaches in 2008 than hacking? What if I told you that hacking was third on the Identity Theft Resource Center’s (ITRC) categorized list of data loss methods? The reality is that network security is a people problem first and a technology problem second.
More Awareness, Less Reliance
I’ve come to a remarkable, if not depressing, realization in my information technology career. Over the last 20 years of consulting, I’ve visited scores of clients in hundreds of facilities and I can easily count the number of times I was ever given any sort of cyber security orientation – exactly once. I’ve walked into propped-open back doors of more manufacturing facilities than you can shake a stick at, and more often than not waltzed right up to a machine control panel, hooked up my laptop, and started pounding away at the keyboard while smiling and waving at trusting operators I had never before met in my life. The realization is this: the vast majority of companies, large and small alike, are completely oblivious to the weakest link in the security chain: people.
The misperception that cyber security is all about technology is a serious mistake that is made by both small and large businesses. The small businesses often believe that they are not sophisticated enough to employ their own cyber security programs and, therefore, either ignore it altogether or simply outsource it to an IT subcontractor. The large businesses spend millions of dollars on intrusion prevention systems, biometric security, and other sophisticated technological countermeasures.
Hopefully by now I’ve made the point that cyber security is about much more than firewalls, Trojans, and keyboard loggers. So without further delay, here is a list of five no-cost practices every organization can implement that will go a long way toward securing their data.
Use Passwords, Use Them Well
OK, show of hands… how many of you are rolling your eyes? It sounds obvious, but password laziness and ignorance are still the number one vulnerability for computer systems. I understand how painful it is these days to maintain all of the user names and passwords in our lives. However, it is the world we live in and we must accept it and follow these bare minimum password practices:
- No shared passwords: This is especially common in process automation where there are many users of the same machine. Everyone must have their own unique user name and password.