Think about walking around the grounds of your office for a moment. Consider the sights and sounds that you’d encounter strolling up and down the halls into the various departments as you go about your workday.
Hopefully, this exercise brings up some good memories and reminds you of some professional accomplishments. Depending on the role you have within an organization, you might have different mental associations for the various departments within the building.
The IT department has (or would have) a vastly different perspective on the building as a whole – and part of that perspective would include cybersecurity vulnerabilities. Innocuous areas of the operation might be glaring security problems waiting to happen. A security audit can be invaluable for businesses that might be a little behind the curve when it comes to keeping up with best practices.
A business might be exposed in areas they didn’t even consider, which is the inspiration behind this blog post today. We’ll walk through a fictional business that includes several departments that a “typical” business has and discuss various security landmines that might be waiting for the unprepared.
Unfortunately, no amount of preparedness can save you from that person with the chronic coffee breath – you know the one we mean.
If you thought that the reception area would be relatively immune to digital security threats – you’d be completely wrong. This area has the potential to be the most vulnerable under the right conditions.
Social Engineering – Opportunistic bad actors might use the reception area to convince a receptionist to allow them access to restricted areas. They might claim to have a meeting with accounting, for example, in the hope that an inexperienced individual will simply lead them to the department.
This is more of a potential problem for smaller businesses – or perhaps companies without a reception area at all.
Data Breach – The front desk is a very common area for peripherals that could contain sensitive information that doesn’t need to fall into the wrong hands. Flash drives with client names and personal contact information, for example. Laptops waiting for repair. Invoices and accounts payable documents ready to be mailed out.
What do all these things have in common?
They all have a reason to be sitting at the reception desk at some point throughout a typical business day. They also can provide bad actors with access to information they shouldn’t have.
Sure, it might take a bold criminal to make this kind of move – but it’s happened before plenty of times.
If cash flow is king in a business, then the accounting department could be considered the throne room. It makes sense then to put a keen eye towards cybersecurity in the accounting department.
Make no mistake about it – hackers are after information that could lead to draining a bank account.
Financial Pretexting – We mentioned financial pretexting in a previous blog post as a type of phishing technique that uses an email address appearing to belong to a legitimate source within the company to obtain information. Sometimes these requests will be from someone claiming to be an executive and requesting bank account information or personal employee information.
Data Backup – Most of the accounting department likely uses some type of spreadsheet software to keep track of accounts payable or accounts receivable. Not every organization has adopted cloud-based accounting programs; some rely on their in-house systems to keep track of incoming and outgoing revenue.
In the case of a ransomware event, how would the team keep track of all that data?
Hard drives can be rendered useless after a successful ransomware attack. Even paying the ransom for the ability to decrypt your data has a low rate of success. Are you supposed to clap your hands together and move on?
Automated cloud-based data backup procedures are a must for critical systems such as accounting and accounts payable/receivable. Leveraging SaaS provides the team with a second layer of protection if your backup fails.
Before you jump into backing everything up, Autodesk reminds us that creating a standardized file categorizing system is essential for data to be organized as it is backed up regularly. This helps stakeholders find important information on cloud-based backup systems.
Organization is key. Develop a standard way of sorting your files so that you and your users will always know where files belong. This is the first step in backing up your files because it will save time and hassle when you need to retrieve lost data and restore it to the proper location. Organizing your work product is always a good idea.
You didn’t think we’d leave out the IT department in our business walk-through, did you? The technological hub of every business might look different depending on the size of the operation. For SMBs, you might have 1-2 people dedicated to the day-to-day and a server or two. Enterprise organizations might have whole campuses dedicated to handling IT.
Data Recovery/Disaster Recovery – This is often confused with data backup, but the two concepts are quite different. The loss of data can occur for several reasons, but the easiest to resolve is data loss that is software related. But probably the most common form of data loss occurs because of hard drive failure. This is where things get a little sticky.
Data recovery from an SSD is different from data recovery from a traditional spinning hard drive. SSDs are more durable than their spinning counterparts, but the recovery processes for each are different.
A proper data/disaster recovery plan will include some form of the following:
- Ensuring mission-critical data is backed up
- Ensuring the data backup executes properly (consistent testing)
- Establishing a consistent backup schedule
- Establishing mission-critical personnel in the event a recovery needs to happen
- Ensuring consistency and quality of data recovered
If working with an outsourced vendor, it’s important to consider specific needs based on the industry the business operates within.
Network Security – If a business has a cloud network installed, the employees have access to critical data and projects nearly anywhere there is an internet connection. While this provides a vast improvement in productivity and flexibility, it also presents a host of security challenges.
Savvy IT support teams will employ tools that can help keep hackers out of the network. These can include multifactor authentication and application whitelisting. This is a type of proactive security that helps if a remote employee has a laptop or tablet stolen.
Kitchen Chaos – In a shared break room, one of the biggest (non-cybersecurity) threats is clutter, trash, and stolen food. No matter how small the office, it seems there’s always one or two staff members who can’t seem to keep the space clean.
Perhaps this advice from Huffington Post would help:
Rules for cleaning up should be posted in plain sight in the kitchen or break room, said Parker Geiger, CEO of CHUVA Group. Doing this can help avoid someone being designated as the “kitchen police,” he said. If you see someone breaking a rule, report it to the appropriate manager. “Addressing it directly can cause conflict,” Geiger said.
If things get out of hand, consider emailing or posting reminders, Hosking said.
Etiquette expert Sandra Lamb said a reminder could read something like this: “Know how you hate to enter the kitchen and find it cluttered and dirty with someone else’s mess? Well, as a responsible coworker, be sure to leave the kitchen spotless.”