By Lisa Lupo
Think of your electronic system as a house with a doorway: “Every time you add a technology, you’re creating a doorway into the house,” said Concerntrak President and CEO David Rosenthal. “Each door represents a layer of a potential security breach.” Your company email address: that’s a door. Your website: that’s a door. Each cloud-based system: that’s a door.
But because cyber security is multi-layered, the door that each of these adds isn’t a single door, he said. In a cloud-based system, for example, you have your door, the door of your service provider, and the door of your hosting company. Similarly, within your supply chain, you have the door of your own company, along with that of each company traced forward and back in the chain, and their service providers, hosting companies, and any other companies with which they are linked. So the question of security needs to go, not only to your own technology providers, but to those of each company with which you are associated.
With this number of doorways, how does a company protect itself? Rosenthal recommends that companies employ a professional to conduct an outside evaluation and try to break the system. By doing so, you can discover where the vulnerabilities lie. Even for small companies with small budgets, “there are people who would do it for you,” he said. “Some people love to do this. It’s like trying to go through a maze or solve a crossword puzzle.”
It also is important to ensure passwords are strong and regularly changed. “Passwords may seem trivial, but they are the weakest link,” he said. “People are so inundated with passwords that they make them too simple. Every door has a combination. If you keep it forever, eventually they’ll figure it out.”
All that said, a company shouldn’t simply avoid technological advancement. “Understand that every new thing has its positives and negatives,” he said. “It’s like fire; as long as it’s harnessed and used correctly, it’s a useful tool.”