Prof. Doug Jacobson
It happens every day. The news fills with words like botnets, malware, ransomware, heartbleed, phishing, and sniffing. We are told we must make passwords “long and strong,” avoid “unsafe” websites, and keep computers “up to date.” We wonder what hackers could ever want with us.
Mostly, we just wonder what is safe and what we should do to protect ourselves.
Here are a few ways businesses can start to address cybersecurity:
First, remember that cyber threats can affect any person or entity. Don’t assume that, since you are small, you cannot be a target. Attackers often don’t care who the victim is. They just want someone to attack.
- Look at what you have and what you think is valuable. Examine your digital footprint and ask, “What would happen if I lost this or someone stole it?” This will help you set priorities.
- Don’t forget the physical. Look at your physical controls and who can access your equipment, computers, and property.
- Guard the floor. As a factory floor becomes more automated, it can become more of a target. Look at how you can separate the factory controls from the rest of your organization.
- It is not just about the money. Don’t forget about your intellectual property, like design specs, manufacturing processes, and costing structures.
- Many attacks come through humans interacting with email or websites. Computer security issues cannot be solved by technology alone; users must play a role in keeping themselves secure. Attackers are targeting people as well as technology.
- Get help. There are private companies that can help assess and secure organizations. A lot of information is available through trade associations. The federal government has guidelines for cybersecurity through both DHS and NIST.
The bottom line is you want to be proactive and start thinking about cybersecurity before something happens.
Have a plan in place before you are attacked. Be ready for the next round of news.
> Professor Doug Jacobson is a cybersecurity expert in the College of Engineering at Iowa State University. He can be reached at dougj@iastate.edu or through his (currently under development) computer safety blog at www.security-literacy.org/blog.