Quest’s 10 ways to boost business IT security in 2012: #9 and #10 Posted on January 31, 2012 by Tim Burke For quite some time, small and midsized businesses dared to feel safe from most malicious attacks — thanks to their relative smallness. Over the last couple of years, that’s been changing, because larger firms are tightening defenses and, as I’ve said before, the bad guys exploit opportunity. Which is why shoddy IT security is a wide open opportunity for hackers to rip you off. So I’m finishing our list with two elements easily overlooked as you face the hassles of keeping up with criminal creativity. #9 Educate your employees about security Publicize your corporate security policy, conduct employee training sessions about it, and reward those who are vigilant in adhering to it. Train employees to recognize methods of social engineering and their vectors. Develop recognitions and rewards for employees who report suspicious email, websites, apps, etc. And, as appropriate, teach employees how to spot signs of attacks, tampering, and fraud. #10 Unless your enterprise is very large, don’t try to do it all by yourself Effective information security requires expertise and dedication. Unless you have a large IT security staff, you’re in danger of falling behind the IT security curve. However, you don’t have to become a victim of hackers, scammers, crooks, or disgruntled employees. IT security services can provide you with leading-edge, state-of-the-art protection without you forking over any capital expenditure. And the right provider can make effective use of the security controls you already have, and can configure and customize services precisely to the requirements of your business and the reach of you budget.