Invisibility has long been a favorite topic for science fiction writers. However, today in real life, physicists are studying invisibility to solve practical problems like allowing surgeons to see through their hands during delicate operations. When it comes to computers, invisibility is a strong deterrent to spear phishing, botnets, spyware, malvertising, and other hacker techniques. Magic screens of invisibility do not exist yet, but there are tools and techniques available including a common sense approach to information visibility.
First, your company’s BC/DR plan must include clear, defined security guidelines for all employees, combined with a comprehensive training program. Make it clear that access to email or valuable company information is a privilege granted to an employee, not an automatic right of employment. Emphasize that all information is to be treated as highly confidential unless officially stated otherwise. For example, your organization’s public website would be considered officially non-confidential: a location for posting information that everyone knows is safe to disseminate.
The dual objectives here are to increase productivity while enhancing infrastructure security. Balance and vigilance are critical, because email and the web are the leading entry points for malware but are also essential to high productivity and sales. Users are the preferred first line of defense in any security scenario, and with the current shortage of cybersecurity professionals they are indispensable. Your training program should stress that all employees are required to monitor for and immediately report any suspicious activity or irregularities. Positive reinforcement is essential here, as the ultimate goal is to establish a culture in which all employees are risk aware, proactive, and feel part of the team.
Mobile and personal devices are particularly susceptible to attack, so they have to be carefully managed. As standard policy, these devices should be preapproved and registered with your IT team. Password and encryption requirements should be mandatory and strictly enforced. An alternative is to provide company-supplied devices with appropriate software, possibly including tracking and remote wipe features. By standardizing devices, your IT team will also have an easier time if a breach does happen.
Obviously, magicians don’t possess real magic; they use tricks like misdirection to focus the audience’s attention on the highly entertaining parts of their acts. In effect, everything else on the stage is rendered invisible. The key for your organization is to do the same: entertain your site visitors and prospects, but make everything else invisible.
Edited by Dominick Sorrentino