Today, companies are increasingly adopting innovative cybersecurity and privacy safeguards. They make every possible attempt to protect the sensitive information on their networks, and as a result billions of dollars are spent every year on upgrading and installing the latest security systems across the US. Despite these efforts to counter security threats, the fear of a cyber-attack still haunts even the largest firms that use sophisticated security solutions. What could the reason be?
According to a 2017 Insider Threat Report, 74 percent of companies feel that they are vulnerable to insider threats, with 7 percent reporting extreme vulnerability. This clearly indicates that human error is one of the leading causes of IT security breaches. Laxity on the part of employees can pose a serious threat to a company’s databases and digital information. Here are some common information security mistakes that employees often make.
- Common Passwords – The most common mistake employees make is using very simple and predictable passwords. Employees often set passwords like ‘password123’ or ‘name.birthdate’ that can be guessed without much effort. In organizations that use a single sign-on system, a malicious attacker who guesses one such password can gain access to sensitive information. This makes meticulous password protection indispensable, as a strong, unusual password can deter attacks to some extent. Also, different passwords should be used for different logins.
- Using Insecure Devices & Networks – With the proliferating BYOD (Bring Your Own Device) culture, personal devices are increasingly being connected to the company’s network. Often, employees neglect the company’s security measures and go ahead with downloading files and applications. It becomes easier for third parties to exploit the company’s sensitive information when insecure applications are introduced into the company’s network. Using unknown networks and Wi-Fi connections is also a serious threat to information. These risks can be mitigated by enforcing minimum security standards on all devices connected to the company’s network.
- Opening Junk E-mails – Email attachments that come from senders you don’t recognize and from an illegitimate domain are more likely to be spam or malware. To prevent any information loss, immediately send the email to your email administrator for verification. Also, do not forward the email to anyone else in the organization, as that may increase the chance of a malicious attachment being clicked accidentally.
- Unnecessary Users – The more users who have access to sensitive information, the greater the chances of a security breach. User privileges should be given to a few trusted members only.
- Negligence in Handling Sensitive Information – Employees are unable to remember passwords and login credentials for various programs, and carelessness in handling them can pose a serious threat to the company’s information sources. Having no passcodes, or the same passcodes carried over for years, is risky. Printing sensitive information or writing down passwords on sheets, whiteboards or sticky notes can cause serious security havoc.
- Disabling Security Features – Some employees intentionally disable security features. If these employees have administrative privileges, this can be harmful to the crucial information on the company’s network. To prevent this, it is important to educate users about security measures, their purpose, and the terms and conditions.
- Clicking on Advertisements – It is an ad-mad world, but in the plethora of online advertisements, not all ads are harmless. Clickbait advertisements often lead to a site with malware, making it easier for an attacker to access sensitive information and databases. Educate your employees about how to identify ads that have dubious content.
- Phishing Bait – Phishing is done to obtain sensitive information such as usernames, passwords and credit card details by posing as a trustworthy site. Employees must be vigilant and should open only those links and attachments that come from a trusted sender. One can also check the URL of a webpage before entering any login credentials.
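The predictable patterns named in the "Common Passwords" item above (a common word plus digits, a name joined to a birthdate, one password reused across logins) can be rejected when a password is set. The Python check below is an added example, not part of the original article; the deny-list, function names and sample values are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample deny-list; a real deployment would load a much larger one.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin", "company"}

def personal_tokens(full_name, birthdate):
    """Strings that can be derived from a user's name and birthdate."""
    tokens = {part.lower() for part in full_name.split() if len(part) >= 3}
    d = birthdate
    tokens |= {
        f"{d.year}",
        f"{d.day:02d}{d.month:02d}", f"{d.month:02d}{d.day:02d}",
        f"{d.day:02d}{d.month:02d}{d.year}", f"{d.month:02d}{d.day:02d}{d.year}",
        f"{d.year}{d.month:02d}{d.day:02d}",
    }
    return tokens

def audit_password(candidate, full_name, birthdate, used_elsewhere=()):
    """Return the reasons a candidate password is predictable (empty list if none)."""
    findings = []
    lowered = candidate.lower()
    # 'password123' or 'Welcome!' reduce to a common base word once the
    # trailing digits and symbols are stripped.
    base = re.sub(r"[^a-z]+$", "", lowered)
    if base in COMMON_BASES:
        findings.append("common password with a predictable suffix")
    # Drop separators so 'jane.14031990' and 'jane_1990' are both caught.
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    hits = sorted(t for t in personal_tokens(full_name, birthdate) if t in squashed)
    if hits:
        findings.append("built from personal data: " + ", ".join(hits))
    # Different logins should not share a password.
    if candidate in used_elsewhere:
        findings.append("already used for another login")
    return findings
```
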
Follow these simple security hacks as part of your cyber security defense mechanism:
- Imparting data security training and awareness to employees.
- Installing data loss prevention software.
- Full encryption of devices.
- Minimizing access rights and privileges.
We, at Centex Technologies, provide IT security solutions to all types of business firms. For more information, call us at (972) 375 – 9654.
27. June 2017 05:57
Maintaining the information security of an organization has become a necessity in the present times. Though identifying and patching potential vulnerabilities is important, it may not always be possible to completely shield your network against hacking attacks. Therefore, it is essential to formulate a strategic vulnerability management program to strengthen your IT security system. It will not only help to detect the risks, but also identify the most viable way to understand and mitigate them.
Given below are some of the steps that you need to take for better vulnerability management:
Identify Your IT Assets
Though this may sound quite obvious, it is really important to identify and keep track of your IT assets in order to adequately protect them against attacks. Cloud computing technologies and the adoption of mobile devices have expanded the boundaries of an organization’s IT infrastructure. To deal with this problem effectively, IT professionals must create an inventory of all the computer systems and applications that have access to the corporate network. You can even use some cloud-based tools to streamline the process and automatically record all the internal as well as external IT assets.
Understand The Risk
Vulnerabilities can exist in any layer of the network. Hence, in-depth scanning is critical to understand which systems are at risk and the level of risk they pose for the company in the event of a data breach. Conduct an external penetration test as well as an internal application scan to identify all the potential threats to the network. Prioritize the vulnerabilities according to their severity so that you can focus on rectifying the more critical risks first. Set exceptions on the level of risk that you can accept and manage at a later point of time.
Identify Which Controls Are Already In Place
Take note of the security measures that have already been deployed in your organization. These may include a firewall, an intrusion detection and prevention system (IDPS), data encryption, a virtual private network (VPN), data loss prevention, etc. Assess how effectively these systems protect your confidential data and other IT resources. This will also give you an idea of the threats that are not being managed and require the use of more sophisticated security software.
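The three steps above (inventory, risk ranking with accepted-risk exceptions, and existing controls) can be combined into a single triage pass over scan results. The Python below is an added example, not part of the original article; the asset names, findings, weighting factors and accepted-risk threshold are all constructed assumptions.

```python
# Constructed sample data: asset inventory, scan findings, deployed controls.
INVENTORY = {
    "web-01":    {"internet_facing": True,  "holds_sensitive_data": False},
    "db-01":     {"internet_facing": False, "holds_sensitive_data": True},
    "laptop-17": {"internet_facing": False, "holds_sensitive_data": False},
}
FINDINGS = [  # severity is a 0-10 score as reported by a scanner
    {"asset": "web-01", "issue": "outdated web server", "severity": 8.0, "mitigated_by": "firewall"},
    {"asset": "db-01", "issue": "unencrypted backups", "severity": 6.0, "mitigated_by": "data encryption"},
    {"asset": "laptop-17", "issue": "verbose service banner", "severity": 2.0, "mitigated_by": None},
    {"asset": "nas-02", "issue": "default credentials", "severity": 9.0, "mitigated_by": None},
]
CONTROLS_IN_PLACE = {"firewall", "VPN"}   # "data encryption" is not deployed
ACCEPTED_RISK = 3.0  # assumed threshold: scores at or below this are deferred

def risk_score(finding, asset):
    """Weight scanner severity by exposure, data sensitivity and existing controls."""
    score = finding["severity"]
    if asset["internet_facing"]:
        score *= 1.5
    if asset["holds_sensitive_data"]:
        score *= 1.5
    if finding["mitigated_by"] in CONTROLS_IN_PLACE:
        score *= 0.5  # a deployed control reduces, but does not remove, the risk
    return round(score, 2)

def triage(findings, inventory):
    """Split findings into fix-now (highest risk first), deferred exceptions
    and assets the scanner saw that the inventory does not list."""
    fix_now, deferred, unknown_assets = [], [], []
    for f in findings:
        asset = inventory.get(f["asset"])
        if asset is None:  # inventory gap: cannot be ranked until it is recorded
            unknown_assets.append(f["asset"])
            continue
        entry = (risk_score(f, asset), f["asset"], f["issue"])
        (deferred if entry[0] <= ACCEPTED_RISK else fix_now).append(entry)
    fix_now.sort(reverse=True)
    return fix_now, deferred, unknown_assets
```

With this sample data, the database finding outranks the web server finding even though the scanner scored it lower, because the control that would mitigate it is not in place and the asset holds sensitive data.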
Centex Technologies is a leading IT security company serving business firms in Dallas, TX. For more information, you can call us at (972) 375 – 9654.