The job of companies has traditionally been to make sure that they protect their physical assets from damage. But thanks to the rise of technology, the value economy of “stuff” relative to data is declining. Tech millionaire and entrepreneur Jaron Lanier has made the observation and pointed out that the majority of people who are getting rich in the world of technology today, have a big computer nearby that stores a lot of data. Facebook, for instance, has a treasure trove of data relating to people’s preferences and their online behavior. Google has an even bigger one. And new upstarts, like Uber, are doing a similar sort of thing. They’re leveraging the power of their data to offer new levels of service to their customers.
A lot of businesses see the benefits of being close to data and how it is impacting the economy as a whole. Go back fifty years, and the biggest companies in the world were those that owned the most assets. General Electric, General Motors, Boeing, and Shell were all very valuable because they owned factories and oil rigs. These days, these companies aren’t worth as much as the big tech companies. Microsoft, for instance, has a valuation of more than $300 billion. Amazon, the online shopping giant, is even more valuable. And Google is approaching a market cap of more than a trillion dollars, which it will surely achieve if it continues to successfully develop and implement artificial intelligence technologies.
The importance of data to companies isn’t going anywhere. In fact, during this decade, humanity has developed the tools to put these data resources to use. A good example of this is the internet of things – a technology that fundamentally revolves around using data to make life more efficient.
But as with all new technologies, there are also risks. Take self-driving cars, for instance. Self-driving cars are a blessing that could reduce traffic, cut deaths on the road, increase productivity, decrease the price of getting a taxi and so on. But they can also be a risk. Self-driving cars could potentially be hacked and controlled by criminals to cause devastation and chaos in cities.
Businesses need to understand that the risks to their data are real. They also need to understand that the data they hold is an asset – an advantage they have over their competitors. Once businesses see that their data is not merely values in a spreadsheet but something more precious, perhaps they’ll start to understand why so many people are making such a fuss about it and why the hackers want to get their hands on it.
The European Union recently took steps to try and protect data. They implemented a new regulation called the General Data Protection Regulation, or GDPR for short back in 2016. It is a set of rules on how companies are able to use consumers’ personal data. It’s partly designed to deal with an attitude in small businesses where company bosses think to themselves “who’s going to bother coming after me?” Small business owners think that they don’t have anything cybercriminals want, so why would they bother spending money on a cyber security budget.
It turns out, however, that small companies do usually have stuff that hackers want. When Target was hacked in 2013, and millions of customers had their account details stolen over the Christmas period, it was thanks to a small business. Hackers were able to get into the account of one of Target’s refrigerator contractors. All the contractor did was supply heating and refrigeration equipment to all of the company’s warehouses and stores. But hackers were able to use the company’s poor security policies to gain access to Target’s main customer database, including things like credit card details.
Other small businesses have also been targeted directly in different ways. Some hackers will find companies that don’t have sensitive personal information (such as credit card info), but who require access to certain information to carry out their daily operations. For instance, a delivery company will need a database of addresses for all it’s online customers if it’s going to deliver items. Criminal hackers don’t usually bother stealing this information. Instead, they find a way to block the company from accessing it and then charge a ransom for its release. Companies are then faced with a terrible choice between paying the ransom or suspending their operations.
Smaller businesses, says Bindu Sundaresan, an IT professional at AT&T, need to understand that they’re usually pawns in a bigger game. They’re often targeted so that hackers can gain access to higher-value targets. But small businesses also need to be aware that if they want to keep their most valuable contracts with big companies, that they need to make sure that their security is sound. Otherwise, they risk losing these contracts. Here’s what small companies should do to protect their data.
Educate Your Employees
These days, online security systems tend to be pretty secure. It’s hard for hackers to find exploits of modern systems, unlike in the past. The softest target in your business isn’t a remote attack on your encrypted network, it’s usually your employees. When it comes to cyber security, employees make all sorts of basic mistakes. They can leave their laptops lying around unattended, logged into your network. Or they can choose weak passwords, like “password.” Or they can become the victim of a fraud scheme like phishing. Another way is for hackers to leave infected USB sticks lying on the ground outside or in a public place. People will pick them up and plug them into a computer to see what is on them.
Employees need to be educated. They need to understand that, as a company, you’ll never ask them for their password and you’ll never send them an email with a link to reset their password. Phishing scammers will often target workers with legitimate-looking emails asking them to reset their password, but such emails should be trusted. As an employee if you are not sure, ask your IT department or a manager.
Implement A Mobile Security Plan
With the rise of bring-your-own-device to work, mobile security is fast becoming the biggest issue for small businesses. Employees who lose their mobile devices are putting the company data at risk.
One simple way around this is to make sure that employees can’t remain logged into networks containing sensitive information while their devices are not in use. In other words, all BYOD devices should have timed access to sensitive accounts. This means that if a device is found by a malicious hacker, they can’t gain access to sensitive networks through the device.
Generally, it’s a bad idea to have severe sanctions in place for employees who lose their IT equipment. If a device is lost or stolen, it’s always better to be told about it straightaway rather than find out later once your network has been hacked. Introduce a punishment-free policy for anybody coming forward and admitting that they’ve lost their device.
Use Multiple Layers Of Security
Sometimes, educating your employees about the risks of phishing isn’t enough. Phishing is a con game, and sometimes it can be tough for employees to tell the difference between a regular request and a malicious one. Because of this, many companies use sophisticated phishing software as an extra layer of protection for their business. Artificial intelligence that scans emails is becoming better and better every year at working out whether an email is fraudulent or not. Using multiple layers of protections makes it less likely that phishing emails will get through.
Also consider Privileged Access Management which enables organizations to reduce the risk of security breaches by minimizing the attack surface. Centrify’s Privileged Access Management solutions help you consolidate identities, deliver cross-platform, least-privilege access and control shared accounts, while securing remote access and auditing all privileged sessions.
Put Customer Privacy Front And Foremost
Not only is it the law in most countries to protect user data, but it’s also good business sense. Make sure that you have a clear policy in place that all your employees understand. Ideally, data privacy will be an important part of the culture of your enterprise. Let your customers know in plain English how you use their data. Being honest can be an excellent way to gain more business in the future. Build trust with your customers and show them all the precautions you take to protect their personal information.
Photo Credit: Flickr and Pixabay