Data breaches make the news on a regular basis. Yet despite the steady stream of security leaks and repeated attacks hitting businesses we know and use every day, there’s always a sense of “that won’t happen to me.” Many businesses choose the “head in the sand” approach and are still not adequately protected against some of the most common security threats.
Every business has sensitive data. It may be client files. It may be trade secrets. Knowing where your greatest risks lie can help you take action and protect against them.
Risk #1: Unhappy Employees
You don’t have to worry about someone breaking into your systems if an unhappy employee is already in place and capable of destruction. Rogue employees can cause serious damage, especially if they are in sensitive departments with extensive computer knowledge and have access to networks, data centers or administrative files.
The first step is monitoring employees according to the sensitivity of their access. The more access they have, the more monitoring should take place. When employees with highly sensitive access quit, that access should be removed immediately. Having an infrastructure in place to track, log and record activity is vital for quick response.
Risk #2: Unthinking Employees
Often, people don’t set out to be careless; they’re simply looking for the easiest path. They leave phones, tablets and laptops unlocked. They create easy passwords and never change them. They leave sensitive data out in the open. Yes, they are too trusting. Yes, they don’t consider the risks they are leaving wide open. Yet you may be the one who ends up paying the ultimate penalty.
The best place to start is with a strong security policy that employees understand and use. It’s up to management to do its due diligence to ensure policies and procedures are being followed. Encryption is also essential. Even if an employee hasn’t taken personal precautions to protect data, your IT team can remotely handle problems should they arise.
Risk #3: Unpatchable Devices
It’s difficult to stay up to date with the latest technology. After all, there’s a lot to purchase, a lot to control. Routers, servers, printers, software, old devices – any of them can easily allow a data breach if left vulnerable to outside sources. This leaves you ripe for attack.
To protect yourself from security holes, it’s important to have a patch management system in place. This ensures all devices and software are kept up to date at all times. It also ensures that vulnerabilities are shut down before they become a problem. If a program or a device is no longer fixable, it can be retired and a replacement put into place instead.
Risk #4: Third-Party Service Providers
Companies rarely handle all systems internally. They outsource to many vendors for support and maintenance. One service provider might provide their point-of-sale system while another supports customer management. These third-party providers typically use remote access tools to connect with a company’s network, but may not follow the same policies your company has in place. They may create easy side doors for hackers to enter.
What many companies fail to realize is that by buying into these third-party systems, they must validate the provider’s policies as if they were their own. Do they follow best practices? Do they enforce multifactor authentication? How do they track remote access activity? If you would question it within your own company, you should ensure third-party systems have similar values. Otherwise, the consequences can be severe.