When it comes to keeping your business safe, your first thoughts may go to corporate cyberattacks that have been widely publicized. Indeed, cyberattacks are a major problem for businesses. Addressing these threats costs U.S. firms an average of $12.7 million annually. But sophisticated online attacks are not the only way that criminals infiltrate U.S. businesses. The most vulnerable component in businesses is often not technology—it's people. In fact, the three largest areas of vulnerabilities your employees face on a daily basis are in‐person, via email and by phone. Part one of this two‐part series will identify in‐person threats and provide you with steps to secure your business.
”Many people forget about the physical threat of stealing company information,” explains Dave Gorr, Vice President of Investigation and Corporate Security at Johnson Financial Group, and retired FBI agent. “Especially in the Midwest, where people are so trusting, it is amazing how often a person can misrepresent themselves and gain easy access to a business.”
Criminals looking to steal sensitive information and other company or personal assets rely on poor security protocols to commit crimes undetected. They do this in a variety of ways:
Employees are the first line of defense in recognizing in‐person threats to your business. Security training for employees is vital, but often overlooked. “Many employees are taught to perform their jobs, but are not given the resources or training when it comes to keeping the business safe,” says Gorr. In general it involves security awareness training, developing a security policy and periodic testing.
Adding to the threat businesses face is the downsizing of companies. Many no longer have receptionists, who often help to identify people coming in and out of the building. And few businesses are able to have a dedicated security officer. “In many companies people are wearing many hats, and security is one aspect that can easily fall by the wayside,” explains Gorr. “But there are steps that every business can take to improve security and minimize risks.”
When it comes to your business, it's easy to look at security as an added expense and treat it accordingly. But this way of thinking allows for security to be an item that is minimized or forgotten during tough times. Instead, consider your company's security as a valuable resource protecting your brand and your business.
“It has to be a conscious choice for the company to address security concerns, and decide that it's important to continue to develop and enforce a security policy,” says Gorr. “All it takes is one security breach, not only from a financial aspect but also reputationally, to have a potentially catastrophic effect on your business.”
When protecting your business it's easy to focus attention on preventing sophisticated online attacks, but often the most vulnerable component of any business isn't technology—it's people. In part two of this two‐part series, we'll examine five ways to reduce your risk from remote threats executed via email and phone.