When I checked my WordPress security details today, I noticed there had been almost 7,000 unauthorised attempts to access my website in the last four months. Online security isn’t just a buzzword – it’s something we all need to take seriously.
But risk perception varies enormously across the spectrum. What does online security mean to you?
The SE/CE curve comes into play again here when determining risk perception – and it’s important for business owners to understand where they and their staff sit on that curve, to target training and policies the right way to minimise risk to the business. So where are the real key risks?
Attacks on your online presence.
Even if you think that your website doesn’t merit attacks, there are people out there who would disagree. 7,000 attacks on this blog? That’s pretty random – but it’s a serious threat. People are on the hunt for data, and for control of domains to launch phishing attacks. There’s a similar risk out there in the world of social media – Twitter in particular is notorious for ‘spam’ links being generated in a way that is likely to attract your attention, and clicking on a link can expose your Twitter account or, more seriously, your PC, to abuse. And what about the proliferation of phishing emails? We receive a handful most days, and they are getting cleverer in their language and their targeting.
Along the length of the SE/CE curve, responses to this type of threat will be different and need to be managed accordingly. Make sure that your staff are trained to recognise the risks that their life experiences do not cover.
Low SE / High CE: Awareness of a danger, but can still be caught out online
At the extreme of low SE (social engagement) and high CE (corporate experience), there is a healthy amount of skepticism protecting the business from obvious phishing attempts – but a danger that limited exposure to things like social media will result in innocently following a link from a friend’s hacked Twitter account.
High SE / Low CE: Susceptible to temptation, without understanding the risks
At the opposite end, strong social engagement with a low level of corporate experience can lead users to be too trusting, thinking they know how to handle the internet and sometimes falling for phishing attacks offering rewards that look too good to be true. There are even documented cases of young staff members with access to commercially sensitive data revealing this inadvertently in an unsolicited ‘quiz to win an iPad’ or similar. This is the riskier end of the spectrum – losing some face online can be dealt with, but compromising business confidentiality and data protection is the greater threat.
Engaging safely online
At Galia Digital, we have been working with emerging software supplier JDrew Creations, whose systems give users a secure and private platform on which to engage and interact with other members of an organisation. As someone who grew up with intranets, not internet, this is a familiar concept, and one that organisations seem to be returning to as they try to find common ground for all their members.
Data security within the business
Paper filing is a thing of the past. We are all keeping valuable information electronically within our businesses – convenient, but potentially open to attack. Your databases and servers hold client information, contract details, personnel files, designs and other intellectual property. It’s important to work within the Data Protection Act to keep tabs on personal details, of course, but think wider than this: what would be the impact on the business if all this data was lost or corrupted? Data security does of course cover resistance to attack from external sources, but a business needs to be sure that everything can be recovered in the event of system failure.
Galia Digital spoke to Acad Networks, specialists in IT security. They told us, “Information security needs to play an increasingly important role in business today – greater sophistication, automation, availability and ease-of-use of hacking tools means that our business assets are more at risk than ever. Understanding how and where your business is most vulnerable allows you to make better, more informed decisions about where to target your internal policies and technologies in order to reduce any risks and minimise disruption in the event of your systems becoming compromised.”
A reputable security consultant such as Acad can work with you to identify any risks, advise on how best to mitigate them and help to secure your business against any relevant threats.