To further compact the problem the fact that it could be two to three years before you discover they it has happened is an even bigger problem.
So what can you do about it.
In most situations, small and medium business do not have many options.
This is where common sense comes into our thinking.
By putting a number of obstacles in the way, obstacles that either an internal malicious person or an external hacker has to jump over before they get anywhere near your data is a good place to start.
You need to start with the following:
- Start with a number of procedures and policies – Internet policy, email policy, social media policy are a good place to start. Specify your business expectation so that everyone understands their role.
- Implement auditing, and more importantly with alerts, so that you know when someone has accessed corporate data without authority. This will also help with tracking down the incoming and internal culprits.
- Make sure you have the right technology in place – use the newest and most secure operating systems and make sure they are updated regularly.
- Get a good anti-virus, anti-malware, anti-spam system the most expensive one you can afford.
- Treat applications with caution especially applications that are downloaded from the Internet from dubious sites.
- If you can afford it, run a sand box environment ( a system for testing everything before it goes on the production system) and test them including open ports and access to system resources.
- Furthermore get a decent firewall / router. Do not use something that is available from a retail shop, get an all in one system that does firewall, wireless, filtering, application firewall, VPN endpoint and intrusion detection system with a 24/7 warranty. Get it set up correctly, with as much information being reported back to a central point as possible.
- Make sure your wireless connection and VPN systems are secure and are on totally different networks so there is a separation between the working environment and a less secure network.
- Put in place a good DR plan, BC plan and build some resilience into your business. Make sure you have a secure off site location for all critical business data.
- Find someone you can talk to, someone with the right knowledge and understanding of your business as well as security and management. This will help you understand your business requirements and make it easier to implement change within your business, if required.
- On a final note train your staff, not only in what your expectations are but also what they should do if they experience something that is a little “hinkki”. This is a good place to start as your staff can be your early warning system for strange occurrences and experiences.
Ok that is the common sense solutions. T
here are some businesses and organisations that if they are targeted are taking the fight to the hackers.
This includes hiring white hat hackers, creating honey pots and getting as much information on the hacker and either targeting them or setting the police onto them.
To do this though you do need to have a robust system to start off, so don’t take it to the hackers unless you have a system that can handle a prolonged and focused attack.