Centextech

Information Security Mistakes Employees Make

Today, companies are increasingly adopting innovative cybersecurity and privacy safeguards. They make every possible attempt to safeguard the sensitive information on the company’s network, and as a result billions of dollars are spent every year on upgrading and installing the latest security systems across the US. Yet even though efforts are made to circumvent security threats, the fear of a cyber-attack still haunts even the largest firms that use sophisticated security solutions. What could the reason be?

According to a 2017 Insider Threat Report, 74 percent of companies feel that they are vulnerable to insider threats, with 7 percent reporting extreme vulnerability. This clearly means that human error is one of the leading causes of IT security breaches. Laxity on the part of employees can pose a serious threat to a company’s databases and digital information. Here are some common information security mistakes that employees often make.

  • Common Passwords – The most common mistake employees make is the use of very simple and predictable passwords. Employees often set passwords like ‘password123’ or ‘name.birthdate’ that can be guessed without much effort. Malevolent attackers can then gain access to the sensitive information of organizations that use a single sign-on system. This makes meticulous password protection indispensable, as a strong, unusual password can deter attacks to some extent. Also, there should be a different password for each login.
  • Using Insecure Devices & Networks – With the proliferating BYOD (Bring Your Own Device) culture, devices are increasingly being connected to the company’s network. Often, employees neglect the company’s security measures and go ahead with downloading files and applications. It becomes easier for third parties to exploit the company’s sensitive information when insecure applications are introduced into the company’s network. Using unknown networks and Wi-Fi connections is also a serious threat to information. These risks can be mitigated by adhering to minimum security standards on all devices connected to the company’s network.
  • Opening Junk E-mails – Email attachments that are sent by people you don’t recognize and that come from an illegitimate domain are more likely to be spam or malware. To prevent any information loss, immediately send the email to your email administrator for verification. Also, do not forward the email to anyone else in the organization, as that may increase the chance of a malicious attachment being clicked accidentally.
  • Unnecessary Users – The more users who have access to sensitive information, the greater the chance of a security breach. User privileges should be given to a few trusted members only.
  • Negligence in Handling Sensitive Information – Employees are often unable to remember passwords and login credentials for various programs, and carelessness in handling them can pose a serious threat to the company’s information sources. Having no passcodes, or the same passcodes that carry on for years, is risky. Printing sensitive information or writing down passwords on sheets, whiteboards or sticky notes can cause serious security havoc.
  • Disabling Security Features – Some employees intentionally disable security features. If these employees have administrative privileges, this can be deleterious to the crucial information on the company’s network. To prevent this, it is important to educate users about security measures and their purpose, as well as the terms and conditions.
  • Clicking on Advertisements – It is an ad-mad world, but in the plethora of online advertisements, not all ads are harmless. Clickbait advertisements often lead to a site with malware, making it easier for the attacker to access sensitive information and databases. Educate your employees about how to identify ads that have dubious content.
  • Phishing Bait – Phishing is done to obtain sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy site. Employees must be vigilant and should open only those links and attachments that come from a trusted sender. One can also check the URL of a webpage before entering any login credentials.
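
What "check the URL" means in practice, as an added example that is not part of the original article: the function below lists the reasons a sign-in link should not be trusted. The domain `example.com` stands in for the organization's real sign-in domain, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allow-list for this example; example.com stands in for the
# organization's real sign-in domain.
TRUSTED_DOMAINS = {"example.com"}


def login_url_problems(url: str, trusted=TRUSTED_DOMAINS) -> list[str]:
    """Return reasons not to enter credentials at `url` (empty list = none found)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["URL does not parse"]
    problems = []
    # Credentials sent over plain HTTP can be read in transit.
    if parts.scheme != "https":
        problems.append("not HTTPS")
    # In "https://trusted-name@other-host/", the browser connects to other-host;
    # everything before the "@" is only a user name.
    if parts.username is not None:
        problems.append("text before '@' is not the site name")
    # Punycode labels can render as characters that imitate a trusted name.
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode label can hide look-alike characters")
    # The trusted name must be the END of the host, not merely appear in it.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        problems.append(f"host '{host}' is not a trusted domain")
    return problems


if __name__ == "__main__":
    # Constructed sample links.
    for sample in (
        "https://login.example.com/signin",
        "http://login.example.com/signin",
        "https://login.example.com@portal-check.test/signin",
        "https://login.example.com.portal-check.test/signin",
    ):
        print(sample, "->", login_url_problems(sample) or "no problems found")
```

The last two samples both display the trusted name at the start of the link, which is why the check looks at the end of the host name rather than searching for the name anywhere in the URL.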

Follow these simple security hacks as part of your cyber security defense mechanism:

  • Imparting data security training and awareness to employees.
  • Installing data loss prevention software.
  • Full encryption of devices.
  • Minimizing access rights and privileges.

We, at Centex Technologies, provide IT security solutions to all types of business firms. For more information, call us at (972) 375 – 9654.

Tips For Implementing BYOD In Your Organization

Over the years, the Bring Your Own Device (BYOD) policy has become an accepted norm in organizations across the globe. Employees are continuously using their smartphones to access the company’s network, download important files and share sensitive data for collaborative projects. However, a number of organizations are still looking for ways to implement a strong BYOD policy that increases employee productivity and eliminates any potential security risks.

Tips for implementing BYOD in your organization:

Specify Which Devices Are Permitted

Firstly, you need to set clear policies regarding the devices that are allowed to be used for work. Depending upon the network settings and security measures, you should decide the devices that will be supported. For instance, most organizations permit the use of only iOS devices due to their advanced security software and privacy-enhancing features.

Establish Strict Security Policies

Before allowing employees to bring their own devices, make sure you mandate a strong password policy. Ask the employees to lock their devices using complex login credentials and change them at frequent intervals. This will prevent unauthorized access to the official accounts and sensitive information, even if the device is lost or stolen. You can also require two-factor authentication for employees who access the company’s financial details or client information on their mobile devices.
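
A strong password policy, here and in the "Common Passwords" item of the earlier post, can be enforced at the moment a password is set. The following added example (not code from the original page) rejects the predictable patterns that post names, such as ‘password123’ and name-plus-birthdate; the word list, minimum length and user details are constructed assumptions.

```python
import string
from datetime import date

# Constructed sample; a real deployment would load a full breached-password list.
COMMON_BASES = {"password", "welcome", "qwerty", "letmein", "admin"}
MIN_LENGTH = 12  # assumed policy value, not taken from the page
TRIM = string.digits + string.punctuation
# Undo simple character substitutions such as "@" for "a" and "0" for "o".
LEET = str.maketrans("013457@$", "oleastas")


def personal_tokens(full_name: str, born: date) -> set[str]:
    """Strings that can be guessed from a user's name and date of birth."""
    tokens = {part.lower() for part in full_name.split() if len(part) >= 3}
    # Year, day+month and month+day also match longer forms such as DDMMYYYY.
    for fmt in ("%Y", "%d%m", "%m%d"):
        tokens.add(born.strftime(fmt))
    return tokens


def password_problems(password: str, full_name: str, born: date) -> list[str]:
    """Return the reasons a candidate password is predictable (empty if none)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Drop digits and punctuation from both ends, then undo substitutions:
    # "P@ssw0rd2024!!" -> "p@ssw0rd" -> "password"
    core = lowered.strip(TRIM).translate(LEET)
    if core in COMMON_BASES:
        problems.append("common base word")
    if any(tok in lowered for tok in personal_tokens(full_name, born)):
        problems.append("contains name or birth date")
    return problems


if __name__ == "__main__":
    # Constructed user and candidate passwords.
    user, born = "Jane Doe", date(1988, 3, 15)
    for candidate in ("password123", "P@ssw0rd2024!!", "jane.15031988",
                      "maple-tundra-violin-orbit"):
        print(candidate, "->", password_problems(candidate, user, born) or "accepted")
```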

Install Mobile Security Software

You cannot have complete control over the type of information an employee accesses through his or her smartphone. Malicious file downloads and spam websites can install malware on the device, which may jeopardize the security of the files stored on it. Therefore, you should make it mandatory for employees to install anti-virus software and run frequent scans to detect and remove any potentially dangerous applications. You can even choose security software that offers additional features, such as device tracking and remote wipe.

Decide The Apps That Will Be Allowed

This applies to all the devices that connect to the corporate network, be it your organization’s computer system or the employee’s personal smartphone. You should restrict the use of social networking applications, games, remote desktop access, VPN and other software that may pose a threat to the company. You can also block the downloading of applications from third-party sources.

For more tips on successfully implementing BYOD policy in your organization, feel free to contact Centex Technologies at (972) 375 – 9654.

Tips For Successful Penetration Testing

Penetration testing is an important step in evaluating the security of a corporate network. It involves simulating a hacking attack on the network with the aim of breaching its security and gaining access to confidential data. This helps IT professionals determine the potential vulnerabilities that can be exploited by hackers and how they can be fixed. However, carrying out efficient penetration testing requires a lot of research and in-depth technical knowledge.

Given below are some steps that need to be followed for successful penetration testing:

Perform A Thorough Analysis

Firstly, you should have a clear idea about all the physical and intellectual assets of your company that you want to protect. Assess your network inside-out to determine the elements that are more susceptible to an attack and can severely hamper the functioning of your organization. Also, review your security policies to ensure that the penetration testing team is not able to get into the network.

Conduct A Pilot Study

Before initiating the penetration testing process, consider performing a pilot study on a small portion of the organization’s resources. This will help to identify the type of problems being faced and whether any additional training or knowledge is required to deal with them. A pilot study will also allow the team to plan and structure the large-scale penetration testing.

Choose A Penetration Testing Method

The next step is to select the most suitable method for conducting the penetration testing. Typically, you can choose between black box and white box tests. The former involves initiating the attack without any prior knowledge of the company’s security systems and unpatched vulnerabilities. In a white box test, on the other hand, the tester has access to sensitive information such as network diagrams, IP addresses and source code.

Determine Who Will Perform The Test

This involves creating a strategy for the test. Determine who will perform the penetration test: an in-house team or an outsourced one. If the test involves the use of social engineering techniques, decide on the type of email that will be formulated and which employees will be targeted. Create an information security incident response team that will stay updated on the penetration testing and ensure the objectivity of the results.

For more tips on conducting successful penetration testing, you can contact Centex Technologies at (972) 375 – 9654.

Ways To Secure Your Network Infrastructure

Maintaining a secure network infrastructure is one of the major challenges faced by IT security professionals. All the hardware and software components are critical for seamless connectivity, communication, operations and management of the network. However, the rise of Bring Your Own Device (BYOD) culture and cloud computing resources has made it even more important to protect your company’s information as well as assets.

Given below are some of the tips that can help to secure your network infrastructure:

Understand your network design

First and foremost, you need to understand how the network infrastructure at your organization functions. Gain knowledge about the devices that are connected to the network and the points through which data is transmitted between them. 

Review all the applications

The applications and programs installed on your organization’s computer systems can provide a backdoor for the hackers to gain unauthorized access. Undetected malware, viruses and Trojans can make the entire corporate network vulnerable to various hacking attacks. Hence, it is essential to constantly review all your applications and software programs to ensure that they are completely secured.

Build a security culture

Provide proper IT security training to your employees and set clear guidelines regarding safe usage of the infrastructure. Make them familiar with the common online threats and what should be done to stay protected. This will create a strong security culture and help employees understand their responsibilities towards protecting the company’s resources.

Use secure socket layer

A secure socket layer (SSL) can add a layer of protection to your network infrastructure. It encrypts all the information while it is being transmitted between a user and the web browser. This ensures that the information being shared within your corporate network is not read, manipulated or used by any unauthorized individual.

Avoid adding complexity to your network infrastructure

Unless it is absolutely necessary for the optimal functioning of your organization, do not complicate your network infrastructure. Adding superfluous devices, servers, wireless endpoints etc. increases the chances of your network getting compromised. In case you need to add a network service, ensure that it is properly secured. This way, even in the event of a breach, the functioning of your entire network will not be jeopardized.

For more tips on securing your network infrastructure, feel free to contact Centex Technologies at (972) 375 – 9654.