'The Enemy Within'
(And He is Us)
In last month’s newsletter, I mentioned the cyber-attack against Target. So how did it happen? The “attack vector” for the Target event was their HVAC supplier’s computer that connected over the Internet to Target’s. The supplier’s access credentials (access ID, passwords, etc.) were hacked and then used to illegally access Target’s computer to implant the malicious code. Do you connect electronically to any of your customers? More basically and important, cyber and data theft events can be prevented but the human element comes into play.
The first step is to realize that you have a problem and need to do something about it. Perhaps you think it will cost too much and therefore would prefer to not address it. I’m not advocating that every company become a fortress and spend beaucoup dollars to secure everything. However, ignoring the problem will not make it go away.
The second step is to find out what your risks are by hiring a specialist in this area to realistically assess your risk and provide mitigation solutions to problems found.
The third step is to educate your workforce in the ways that they can contribute to the effort to secure your facility with minimal intrusion into their daily work routines.
The problem with setting up policies and actions to lock down the items above is that they take time and effort to maintain. It “slows” the process down.
3 Ways Your Shop Computer and Network Could Be At Risk
- Have you ever received a USB drive as a gift or as a promo item? Did you reformat it using an “off network” computer before use to eliminate any malware or viruses that may have been placed on it?
- Do you have a policy in place that controls the use of personal devices within your company and the transfer of company data to and from them?
- Do you allow the transportation of company devices such as laptops, USB drives and other portable storage that do not have their data encrypted in case of loss or theft?
Human nature trumps security every time. That’s why people use weak passwords, use the same ones over and over, and never change them. That’s why people fail to update and patch their software. People even do things after they’ve been told not to like opening up email attachments from senders they don’t know.
Consider this example of how we humans work: If you knew that by getting a new and improved credit card you’d have a much smaller chance of getting the data on it stolen, would you want it? Sure you would. How about after I told you that it would take a bit longer to check out while using the card? Twenty seconds longer, 30 seconds longer, or even a minute. Still want the card?
Change is never easy. However, doing nothing is not an option.
TopGun Consulting’s expertise in IT and Physical Security can help you through this process. Give us a call to get the ball rolling and get the answers to any questions you have in regards to securing your facility, systems, data, documents and other records.
- Check out our new "Exhaust Notes" video using the link under the picture of my 1967 Chevelle to the right. In this month's video, I how data can be stolen from your company and what you can do to protect it.
- To check out the rest of our videos including the "Profit Power" and Education OnSite video series, click on this link. Click Here for Videos In the coming months, look for more and exciting content that will surely help you improve your business in this very competitive industry.
- Please feel free to explore my website at www.topgunconsulting.com and see how we can help you improve your efficiency and get you on the road to higher profits and greater success!
I look forward to talking with you soon at 602-510-5998 or email me at firstname.lastname@example.org
Your Profit Driver