Your company is unique.
The threats against you are real.
Your company is a target.
Consider this. If you’re a small concrete company that does a few million dollars a year in revenue (or less...), then you can easily become the target of some bad actors out there who think you might have just enough money to mess with you. The target on your back may not be the same size as Target (see what I did there?), but you’re probably a much easier target than Target... OK, I’ll stop saying target/Target.
You are small enough that you won’t have full-time IT people, and you absolutely don’t have security people. You will not see an attacker probing your wifi, your email system, your public IP addresses, etc. Here are the top 5 ways they’re going to get in:
- Phishing / Spear Phishing – Sending malicious files or web links to your email
- Social Engineering – Someone will gain the trust or deceive one of your employees, who will leak information
- Physical Security – Smash and Grab! Say goodbye to your laptops
- Bad Passwords – Old, tried and true, don’t use “password” or “password123” as your password
- Mobile Devices – No passcode? No thumbprint? Problem!
None of those are necessarily solved by technology. That’s hard for me to say, since I’m a technologist through and through. I think code can do all and fix all. The solution to all those things above is good employee education.
Teach your staff that there IS something to be concerned about. Come up with secret code words when you call in and authorize a transfer of a few thousand dollars. Be paranoid. Think like the bad guy.
Phishing – Don’t click links. Ever. If the link looks like “bankofamerica[.]com”, then just type it… never click it. The last thing you want is some ransomware infecting your network and blocking your QuickBooks file. That would suck.
Social Engineering – Don’t give out anything. Ever. Over the phone or in person. The tidbit you’re sharing today can be put together with other information over time to get access to a bank account.
Lock your doors! Put away laptops after hours. Look into security cameras, motion sensors, etc. Your office has a sweet window, but remember they can see in from the outside. Got a new shiny iMac? New target for the dude walking by who wants to steal it from you.
Passwords – Use a password manager already. Enforce password length and don’t allow dictionary words. Look into Dashlane, LastPass, etc. No two systems should share a password.
Mobile – Put a passcode on it. Make it lock automatically. Depending on your level of paranoia, don’t allow corporate/work emails on a personal phone. Whether that’s by policy or technology, just don’t allow it.
Need help with any of this? Start a conversation. Heck, reach out to me. Talk to your IT contractor/help desk person. Take it seriously.