
I know this may sound weird, but cybercriminals do focus on customer service.

Particularly when it comes to ransomware—an extortion scheme aimed at getting your money after locking down your computer files, demanding a ransom in return for a decryption key—many criminals have made getting top-notch service and support a priority.

With easy payment processes (detailed instructions and all major credit cards accepted) and simple instructions on how to use the decryption key, ransomware criminals have taken strides to make it as easy as possible for a victim to pay their ransom and get their data.

These criminals have even set up 24/7 call centers to respond to user difficulties. Often, the support users get on these calls is better than that of their IT Support.

Why should your business be concerned?

Cybercriminals are more invested in your users: they first trick them into giving up data and then provide a user-friendly payment process, and that investment enables their crime businesses to grow. If your IT Support doesn’t step up to the plate with greater user engagement and exceptional customer service, you risk an eventual attack that could cost your business everything.

(NOTE: Not all criminals are trustworthy enough to hand over your data. Some sell sensitive information on the black market even after they’ve received your ransom payment. Don’t misinterpret an easy user experience as a means to justify criminal attacks).

Security experts are realizing that they simply can’t fight cybercrime by building higher and stronger digital walls.

While it helps to have a smart firewall that is sensitive to suspicious traffic and that can block suspicious network requests and requests from locations known to have high levels of attacks, a wall alone will not stop ambitious criminals (they’ll simply get a bigger or better jackhammer to break through).

To bypass the firewall, cybercriminals look inside the wall to identify an alternative route. Human errors (choosing the wrong password or clicking on a suspicious email) are implicated in nearly a quarter of cybercrime.

Rather, effective IT Security requires a multi-layered approach:

Proactively Patch and Monitor Your Network—as I’ve mentioned before, if you aren’t patching your network, you’re leaving your business at its most vulnerable. Hackers regularly review the latest patch releases and reverse-engineer ways to penetrate your network if you haven’t been maintaining it properly. And even if you think your IT Team has been keeping up with maintenance, if they aren’t regularly monitoring your network for suspicious activity, your network may have been compromised and be leaking data to someone selling it on the black market without you even noticing.

Strategically Implement The Right Security Infrastructure—while some IT sales guys may say that you need to buy top-of-the-line equipment to keep you safe, they likely aren’t explaining what top of the line really means. Some may simply settle on mediocre security infrastructure if it means you sign a contract quicker.

What I tell my clients is that there is no one size fits all security solution. The state of the art equipment in one industry may not be the same as another. Sitting down and having a conversation about your security concerns and needs and finding technology that meets those needs is critical to implementing an effective information security infrastructure that works for your business.

Review Your Policies for Accessing Sensitive Data—many IT Support teams fail to implement policies. They may help you devise access and password policies, but more often than not they don’t have either the bandwidth or the foresight to effectively implement policies that last.

I recommend having at minimum one strategy session each year, where part of the conversation is dedicated to reviewing your security policies and making sure they are effectively enforced. The only effective guidelines are the ones people follow.

Make Sure Users Implement Strong Passwords— we’ve discussed secure passwords in some of our previous discussions on passwords.

But just to recap a few important points:

Many experts have found that gobbledygook passwords are not always the safest. They are easily forgotten and are the most frequent type of password that needs to be reset, often countless times. An example of one such password might be lk29JH$#@xkd!

Rather than relying on more complex passwords to increase password strength, your users should consider longer, uncommon word combinations. I’d recommend combining 4-5 words into a password rather than coming up with something unintelligible: “2TomatoesusingWoodchuckssuccess!” is a safe password and definitely is not very common. For more detailed password tips, see our recent discussion.
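As an added example (not from the original post), here is one way to generate a 4-5 word password of the kind recommended above and to estimate how strong it is. The sample word list, the function names and the 60-bit target are assumptions made for illustration; the estimate only holds when every word is picked at random from the list.

```python
import math
import secrets

# Constructed sample list for illustration only; a real deployment would load
# a list of several thousand words (assumption, not from the original post).
SAMPLE_WORDS = [
    "tomato", "woodchuck", "success", "lantern", "gravel", "orbit",
    "meadow", "copper", "violin", "harbor", "pepper", "glacier",
    "saddle", "walnut", "compass", "thunder",
]


def generate_passphrase(words, n_words=4, sep=""):
    """Pick n_words uniformly at random with a CSPRNG and join them."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    picked = [secrets.choice(words).capitalize() for _ in range(n_words)]
    return sep.join(picked)


def passphrase_entropy_bits(wordlist_size, n_words):
    """Entropy in bits when each word is drawn independently and uniformly."""
    return n_words * math.log2(wordlist_size)


def min_wordlist_size(target_bits, n_words):
    """Smallest list size for which n_words random words reach target_bits."""
    return math.ceil(2 ** (target_bits / n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 5))
    # The 16-word sample list is far too small for real use.
    print(passphrase_entropy_bits(len(SAMPLE_WORDS), 5))
    # A 7776-word list (6**5 entries) gives a much larger search space.
    print(passphrase_entropy_bits(7776, 5))
    # How large the list must be for 5 words to reach the assumed 60 bits.
    print(min_wordlist_size(60, 5))
```

The number of words matters less than how many words they are drawn from: five words from the 16-word sample list are weak, while five from a list of several thousand are not.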

Train and Engage Users On Their Digital Security—Even if you’ve ensured users are sticking to memorable but tough-to-crack passwords, you may still be risking breaches if your users aren’t on board with security measures. Most of the time, it’s difficult to subscribe to policies if they aren’t well understood. Training your users to understand the implications of sticking to specific policy measures will better reinforce the actual measures.

Keeping your team engaged with your IT Support team will also make them more comfortable coming to IT Support with technical issues, rather than using unsafe ‘fix-it-yourself’ tactics.

Is your IT Support keeping data security a priority? Contact us TODAY for a free security network assessment to start forming a resolution plan to unwanted security risks!