Recently, there have been a growing number of reports in the press highlighting the issues of cyber attacks as a growing threat to companies. From eHarmony to LinkedIn, it is estimated that in the US alone, cyber-espionage has cost businesses $14 billion. While a company’s intellectual property and data are threatened, it is their reputation which is most on the line. Law firms and investment banks, for instance, have expressed particular sensitivity to possible cyber attacks and what it might do to their reputation. If clients can’t maintain trust in firms retaining confidentiality of data, firms’ reputation will suffer.
Cyber attacks can take different forms: from e-mails apparently sent from inside the company containing viruses, to hacking the firm’s document storage programs, making them particularly vulnerable to attacks. The loss of sensitive information no longer occurs by a distracted employee leaving a document in the tray of the printers. They can also come from different sources; nation states, industrial spies, competitors, an insider, or even simply a kid down the street seeking some form of indulgence. Once it happens, companies are often embarrassed to announce it for fear of repercussions. Often, they are not even aware of it, as viruses can remain in the company’s computer for months undetected. According to some industry professionals, companies are relying too much on firewalls and anti-virus programs and with that false sense of security they fail to comprehend the level of sophistication of cyber attacks. Taking steps to improve the security of files and information should be of priority to companies if they wish to retain clients’ trust, and to protect their reputation.
There are numbers of very simple steps that can be taken which can significantly reduce the risk of cyber-espionage. Some of the remedies include accessing sensitive data from secure locations and banning e-mail or digital transfer of documents. Another measure that some firms have implemented is moving all of their computer systems to a secure third-party server, off-site. Some firms protect data by requiring the use of encrypted connections and some restrict the use of vulnerable file-hosting programs like the popular DropBox. Others are issuing the so-called “blank” computers to employees when travelling or limiting the use of business laptops to business-only purposes.
Educating employees about downloading unauthorised applications, sharing files or business information on social networks, or opening suspicious e-mails on their laptops or PCs will also significantly contribute to business security.
For some companies, especially those that handle very sensitive data for third parties, extra security measures can be seen as added value when pitching for new business. For most, however, it is a simply a matter of running a business safely.