It really doesn’t matter who you are – if you use any type of computing device these days then you need to think about security.
Whether you are a home user, small business owner, or employee at a huge multinational company, you need to have a mind for security. You need to be aware of the threats you may face, as well as having some idea of how to cope with or mitigate those threats when they become reality.
Whilst everyone should have some degree of security awareness in order to protect their own information security assets, those involved with protecting data in a business setting may well have a lot more need to achieve certain standards, as well as legal responsibility, to do so.
The levels of security required within the business setting may well differ depending upon the size of the company though. Sure, there will likely be some overlap, but that doesn’t mean that an enterprise can approach security with the same mindset as a small business owner can.
Within the enterprise environment you need to look at the number of people you need to protect as well as the sheer volume of information assets.
Larger companies can have tens, if not hundreds, of thousands of employees. You will need to know what they are all getting up to and a large employee base can certainly add a lot of variety into the mix!
As much as you may not want to admit it, with a large workforce comes the possibility that some employees may not be quite what they seem. you’d like to think that most of the people within your organisation are dedicated and hard-working individuals who have the business’ needs at the heart of their thinking but that isn’t always the case.
Sadly, there will always be disgruntled employees, be that people on the verge of leaving (voluntarily or otherwise), or those who quietly plot the firm’s downfall. People like this will plot and scheme and look to damage the company’s internal networks as a way of getting back at the company for whatever slight they perceive as having been levied upon them.
Other staff members will look to jump ship, jumping into a similar business or starting their own. The contacts they’ve built up within the enterprise could prove invaluable. And the same goes for all the information they can get their hands on.
As someone in charge of security within an enterprise you need to guard against such threats just the same as you would look to protect the company’s assets from external attackers.
Of course external threats most certainly are a problem and, again, enterprise differs from small business in the type of threat faced.
A small business owner needs to protect their network from hackers sure. But enterprise has a huge “X” painted on its forehead in luminous yellow, screaming “come and get us” to anyone who happens by.
Businesses involved in the financial and banking sectors are even juicier targets still due to the nature of the information they hold. Attacks will be the norm rather than the exception.
You’ll just have to get used to that.
Whilst general attacks will be common, its the targeted attacks that you really have to worry about.
These are the type of attack where someone has studied your computer security layout and believe that they have discovered a hole which will allow them to get in. You have to be able to prevent this from happening by changing all of the time. This includes the passwords to the system, controlling who does and who does not have admin access to the system and other things of that nature. You’ll need to ensure that you use the resources of your company to stay one step ahead of the bad guys.
If you are a small business owner, or the personal responsible for security in a small company, you have a lot less of these types of worries. You will rarely have to worry about a targeted attack and it is much easier to keep on top of which employees do or do not have access to your system.
The main thing you may find yourself fighting against is complacency when it comes to protecting your system.