It’s enough to keep a Technology Director up at night!
Internet security threats with exotic names – like Heartbleed and Game Over Zeus – are in the headlines weekly, it seems, along with major online security breaches at giant retailers and service providers.
Here at LNWM, we have always guarded client data very tightly, and even more so during the Internet age. So how do we ensure that client information remains confidential and secure? LNWM’s approach consists of three overlapping layers: security measures; extensive employee training; and constant vigilance. Below is an overview of each of these defenses.
Layered Security: The basis of most security strategies, including ours, is layering. You can think of the various components of the system in the same way you think about safeguarding a house:
- Internet-based security tools – these are the equivalent of tall fences and security guards, out there and working to keep hackers from ever reaching our network.
- Network “firewalls” – these act like dead bolts on all of the network’s external doors to keep hackers out.
- Internal network monitoring – the alarm system in place in case of break-in.
- Controls on access to information – the equivalent of a hard-to-access safe.
- Logging of network activity – akin to security cameras, helping us identify who is doing what inside the network.
Employee Training: Despite all the layers of security, networks (including ours) remain vulnerable to someone on the inside unintentionally opening the door to a smooth-talking conman. Today, it’s often easier for hackers to coax employees into letting them into a network than to get past the security controls.
Hackers call this “spear phishing,” and it usually involves sending an email to an employee’s work address, tempting him or her to click on a link or open a file. Once the link is clicked or the file opened, presto! The hacker can waltz in through the network’s back door.
Fighting phishing requires awareness and vigilance. It means training employees to think twice before opening emails that contain suspicious attachments or links. At LNWM, we have mandatory annual training and periodic reminders that point out recent examples of hacking attacks, and how important it is for each employee to not open the door to the company’s network. In the event an employee is duped into doing that, we still have in place the equivalent of an alarm system, a safe and our security cameras.
Constant Vigilance: Even with the best employee training and layered security, there’s always the risk that a new vulnerability will be discovered. The Heartbleed bug that was headline news in early April is an example. To protect against unexpected threats, we constantly watch for announcements about new vulnerabilities and update our systems accordingly.
BTW: As we assured you on this blog in early April, the Heartbleed bug does not pose a risk for LNWM security. We do not use open-source software, and this was a problem related to an open-source security tool.
What about the Cloud? Cloud computing, or web-based software and data storage, is just a catchy name for using a computer in someone else’s office instead of your own. Cloud-based operations can entail more risk since data is transferred back and forth over the public Internet, making it easier for outsiders to access.
Still, most major businesses, including LNWM, now use cloud-based services. By closely monitoring our cloud vendors and using strong security protocols in accessing the cloud, we’re able to mitigate the inherent risks. As cloud computing has expanded (Seattle’s own Amazon.com and Microsoft are two of the biggest cloud-services providers), the IT industry is focused on making cloud computing as safe and reliable as possible.
Bottom line: At LNWM, we’ve long been committed to keeping client data safe and secure. Today, we use a broad array of industry-standard security measures to protect information, coupled with periodic audits to ensure we’re doing all we can.