5 Lessons On Information Security We Can Take From 2015

An awful lot of foolish mistakes have been made with smart technology. As software becomes more and more sophisticated and easier to use, it also becomes easier to exploit. As a result, the personal information of legitimate users is disturbingly easy to access and misuse. Target and TJ Maxx, Ashley Madison, and the federal government’s Office of Personnel Management are some examples of headline-making data breaches and thefts over the last couple of years. But has anything been learned from all of this to protect users? As providers struggle to stay ahead of cyber crooks, their site users should also be aware of ongoing online security issues in order to protect themselves and their sensitive information.

Lesson One: Don’t Underestimate Cyber Criminals

Such thieves are becoming more sophisticated and better organized. They’re also operating from locations that tend to fall outside the reach of regulators, such as the former Soviet Union. As a result, providers need not only to check existing security sites for vulnerabilities frequently, but also to be able to develop new programs that can be checked more quickly for flaws.

Lesson Two: Ignorance Of Privacy Policies Is No Excuse

While it has taken a while to come up with uniform guidelines, many governments have created policies that they expect businesses to adopt in order to protect user security. Some businesses, especially within the European Union, are now facing financial sanctions in addition to hacking losses for failure to comply with them.

Lesson Three: Know Your “Friends”

More and more, businesses are dealing with online third-party suppliers whose security weaknesses may be providing access points for hackers. Providers therefore need to work more closely with their “contractors” to identify and correct those companies’ cyber vulnerabilities before sharing information.

Lesson Four: Have A “Toys From Home” Policy

An increasing area of cyber vulnerability for businesses is employees bringing personal devices and drives in from home and using them with work systems, introducing viruses and security breaches. Experts say introducing a policy forbidding such items in the workplace is futile. Instead, companies should create a firm policy governing the use at work of such devices and drives and monitor it carefully. They should also be careful to stay abreast of changing trends in this area so that they can alter and update such policies as needed.

Lesson Five: Make Employees Part Of The Solution

It is not enough to simply have well-trained IT professionals on staff. Even companies with full-time IT teams could be at risk of a network intrusion, reports an Ottawa managed services expert. While criminals and spies are certainly responsible for security breaches, more problems are caused internally. Some of this is a result of disgruntled employees and corporate moles. But more is done unintentionally by careless or untrained employees. Experts say the solution is not just to explain or train workers in computer security policies. Instead, make these protocols so much a part of daily work routines that employees follow them unconsciously.

Business security breaches can be reduced. But it means company systems must be both faster and more flexible, and companies must be willing to invest resources of time and money in continually assessing and correcting issues.

Emma is a freelance writer living in Boston, MA. She writes most often on technology and education. When not writing, she enjoys reading and rock climbing.