With great power comes great responsibility. This is the case for anyone who uses a corporate network.
Our corporate networks are powerful, but hackers have the same computers we have. Sometimes they even play computer judo, using the strength of our own resources against us. Do your users know how to protect themselves — and your assets?
Malware can slip easily into a network, and it’s difficult to eliminate once it enters. Last year, hackers infiltrated the U.S. electrical grid. They didn’t do any damage — this time — but they did leave behind potentially disruptive software. What if next time they shut down a few power plants, cutting power, switching off traffic lights and causing mayhem?
Some hackers have turned desktop PCs into their own private servers on botnets, using them to distribute malware through e-mail. Hackers have also plundered bank accounts through bogus online transactions — that could be your business that’s now flat broke. When that happens, malware becomes more than just a nuisance or a maintenance problem.
Malware sneaks in the back door. It disguises itself as harmless and familiar web content. For us, network security is a necessary cost of business. For hackers, malware is their business. It’s easy for them to slip past blacklists; all they have to do is make some small alteration, and their malware is ready to go out and wreak havoc again.
Today, IT professionals hold the keys to the most powerful and easily disrupted tools an organization has. For most of us, one well-executed threat could bring our company to its knees. We have to educate ourselves and prepare to fight back.
Some of us have no choice about it — regulations such as the PCI Data Security Standard, HIPAA and Sarbanes-Oxley require us to guard against the harm caused by malware or face stiff fines.
But some of us are too casual about protecting our businesses’ proprietary information and their employees’ personal data. We know there are updates to our software, including security patches, but sometimes it’s just too much trouble to install them. Hackers count on that. The older the software, the more time hackers have had to probe it for weak spots.
Failure to implement robust security policies — and train employees to follow them — adds to the risk. It’s easy to cut back on IT security when times are tough. Training is time-consuming, and some employees complain. But can we compare the time workers spend in training with the time they save by using the network to begin with? How often do you train your employees about how to avoid viruses and malware? Given that the computers they use put the power of multiple workers on their desktops, a few hours of training is a small investment.
Does that training include persistent reminders of your well-designed security policy? Or are you content to print a warning in the company manual about not using the computer for unauthorized purposes? It takes only one unscrupulous employee who visits a pornographic or gambling website on company equipment to expose your entire network to malware.
If your business is critical to the supply chain, an infection could put customers or business partners at risk. For all of us, exposure to malware can put our assets at risk.
Don’t use the power and ignore the responsibility. Share the responsibility to defend your network with every user on it. And keep your security software up to date.
Melih Abdulhayoglu, founder and CEO of the Comodo Group, is an inventor and security expert.