When was the last time you saw a survey on Information security in enterprises? It’s a topic that often means different things to different people.
For some it’s antivirus software to stop malware getting in, while for others it’s strict secrecy to stop marketing strategies from getting out. Yet data breaches can happen anywhere in a company and in a multitude of ways. Here are a few aspects that may help broaden your perception of some of the risks.
- Social engineering threats. Social engineers manipulate unwary employees into giving them confidential data. Their end goal might be to get into your computer systems, but their tactics often have nothing to do with IT and everything to do with psychology.
- Remote working hazards. Employees may not differentiate between a safe environment inside the office where they can discuss confidential items; and trains, planes and restaurants where walls have ears. Remember that portable PC screens and mobile phone conversations can be goldmines of information for attackers too.
- Social media risks. How many sites do you visit? How many social media accounts do you have and how do you remember all the passwords? Many people love the interaction in social networks, but can’t handle complexity in keeping logon data different in each case. They may even use the same confidential work system password for their login to Facebook, Twitter, LinkedIn and more. If that one password is hacked, the whole house of cards falls down and your company system is compromised too.
Alongside this, IT security with a software/hardware approach is an important part of information security in general, but far from being the only part. It’s easy to get the latest antivirus automatically installed on work PCs.
On the other hand, getting information security awareness and behaviour ‘installed’ in people’s heads takes training, monitoring, testing and patience. But if you’re serious about staying safe, it’s the way to go.