Threat: Phishing scams
Solution: Train your staff to be vigilant
Alert your employees to the danger from fraud artists who send e-mails from an apparently trustworthy source asking for confidential information. If fraudsters get this information, they can sell it or use it to hack into your company’s network. Rohyt Belani, managing partner of Intrepidus Group Inc., a New York-based IT consultancy, offers a tip on training your team to spot phishing attempts. He advises that you stage simulated phishing probes of your staff, then show employees precisely how falling for a real scam could have harmed your firm.
Threat: Attacks on your company network
Solution: Lock down your system
Theft of sensitive information such as company passwords, intellectual property, credit-card numbers and other customer information could destroy your reputation and even bankrupt you. Limit network access and run vulnerability-scanning software that maps out weaknesses in your network and alerts your IT manager to fix them. Screen incoming e-mails and instant messages at your network gateway—the point at which it links to the Web—to filter out spyware that could feed your data to a third party and for other malicious software. Thanks to Unified Threat Management appliances, you can take an all-in-one approach to network security that combines firewalls, intrusion detection or prevention software, and anti-virus and spyware filtering. And don’t forget that not all threats to your IT assets are through the Web; you also need to physically secure your premises to stop burglars from walking off with PCs and servers.
Threat: Breaches of your wireless network
Solution: Activate network security features
Brad “Renderman” Haines, a “wardriver” based in Edmonton who travels through industrial parks, malls and Main Street looking for open wireless connections, says that vast numbers of businesses still aren’t securing the wireless gateways to their internal networks. He recommends that companies that are planning to install a wireless network—or to protect an existing one—hire someone who knows the technology well enough to activate its security features correctly and reset default passwords to limit unauthorized access.