How Vulnerable Is Your Firm to Cyber Crime?

Here’s how to reduce your exposure to risks you may not be aware of.

July 29, 2010, by Morey Stettner


Treat your employees well and they’ll work harder. If that’s not a good enough reason, here’s another: Satisfied staffers are less likely to commit cyber crime against your company.

High-tech saboteurs can steal your data or unleash “malware” and computer viruses that wreak havoc on mission-critical systems. That’s why many entrepreneurs worry about the threat of hackers.

They’re right to worry.

While news accounts typically feature high-profile data breaches at huge corporations, small firms are actually at greater risk. A 2008 survey by McAfee found that 21 percent of small and midsize businesses reported an IT security attack, and one-third of those businesses experienced more than four such attacks in the last three years.

“A smaller company presents a more appealing target because smaller companies tend to lack the resources to invest in the type of access-management and data-leak-prevention technologies that would prevent an attack,” says Mike Spinney, senior privacy analyst at the Ponemon Institute in Traverse City, Mich.

Cyber crime takes many forms. Armed with computer passwords, hackers can penetrate your system and steal confidential or proprietary information. Or they can prevent customers from accessing your firm’s website. Some cyber criminals focus on smartphone software or voice over IP technologies, which provide voice communication over the Internet, posing risks for BlackBerry and Skype users.

Prevention starts with employee awareness. Train your staff to safeguard their passwords (no leaving them on sticky notes in plain sight!). Set guidelines on which websites workers can access from company-owned computers (no visiting shady online social networks that lack proper security!). Provide privacy screens for employees who travel (to prevent a seatmate’s prying eyes from spying!).

Threats From Inside

Even if you educate your workforce about cyber security, you’re still at risk. Disgruntled or renegade employees can become enemies from within.

“Insiders are responsible for between one-third and one-half of all cyber intrusions,” says Larry Clinton, president and chief executive of the Internet Security Alliance in Arlington, Va. “That’s why you should change the access codes when employees leave so that they can no longer get into your system. It’s surprising how often that’s not done.”

When IT employees leave your company, assign your new IT specialist (or a contractor) to conduct a vulnerability assessment. Identify any “back doors” that allow departing techies to corrupt your firm’s data.

If you partner with other organizations or outsource key functions, confirm that outsiders follow strict cyber security protocols. Stipulate in your contracts the specific precautions that you expect the contractor to follow to protect your data, Clinton suggests.

Keep close tabs on morale. If you push people too hard or engender ill will, you increase the odds that workers will turn against you.

Heed red flags of brewing discontent. Encourage people to come to you with their concerns rather than label anyone who voices constructive criticism as a malcontent.

“Keep your door open so that unhappy employees can vent their frustrations,” says Minda Zetlin, co-author of “The Geek Gap.”

Managing Your Techies

With their technical knowledge, IT employees can launch particularly harmful and costly cyber attacks. Zetlin offers these tips to manage your IT team:

  • Spread the knowledge. Ideally, you want at least two IT employees to oversee access to your firm’s computer network. Relying too much on one person to handle all IT operations increases your vulnerability.
  • Slam the cyber door shut—quickly. “Have in place a mechanism that lets you rapidly cut off access to your company’s servers,” Zetlin says. Immediately upon terminating an employee, disable that person’s access to your network.
  • Launch a charm offensive with IT contractors. Unhappy consultants can commit cyber crime just as easily as employees. Make them feel like part of the team and monitor their satisfaction levels.
  • Bring everyone together. In many workplaces, IT specialists work apart from the rest of the group. That’s a mistake, Zetlin warns. Rather than physically separate your IT team, integrate them with everyone else so that they’re more visible.

Because technology changes so fast, involve all your employees in combating cyber crime. Seek their input, share ideas and work together to expose and plug security gaps.

“The threat matrix is constantly evolving, so computer security requires constant vigilance,” Spinney says.

Morey Stettner is the editor of Managing People at Work and the author of five business books, including Skills for New Managers (McGraw-Hill). Based in Portsmouth, N.H., he coaches executives on their communication skills.