Businesses have always struggled with the idea of business security. Are you doing enough to protect your company, clients, and employees? Is there really such a thing as too much security?
Technology is constantly changing, and as such, so are the threats many organizations face. Everywhere you turn, some security company is trying to point out flaws in your security practices and scare you into purchasing additional services that you might not need. This causes many businesses to overlook some of the more obvious security risks.
Here is a couple of obvious network security tips that you might have overlooked.
Security Risk No. 1 – Disgruntled Staff
When you have current or former employees who feel that they have been wronged by the company, they could look for retribution. This creates a major security risk for companies, especially if said employee had administrator access or were members of the in-house IT team.
Potential Solution – In order to address this issue, the best thing you can do it routinely examine your system network for privileged accounts that should no longer be in use. These accounts should be terminated as quickly as possible. Ideally, you should restrict or eliminate access for these accounts immediately after an employee is fired or leaves the company.
Security Risk No. 2 – Poorly Educated Employees
When a company fails to educate its employees about security risks, they are just asking for trouble. Make sure employees know the risks involved with reading personal emails, clicking links, or visiting unapproved websites on the company’s network. Make sure you also explain how something as simple as a lost or misplaced phone, laptop, or tablet that has company access and passwords is extremely dangerous.
Potential Solution – Make sure you properly train all of your employees on Internet and cyber security before you even give them access to your network. Unfortunately, many employees do not understand the difference between business security and personal security and think that everything is protected. They do not understand the importance of strong passwords, how to create them. or how often to change them. You can also encrypt your business network, preventing any systems, other than those you provide the encryption key with, from accessing information.
Security Risk No. 3 – Personal Devices (BYOD)
Everyone has at least one personal mobile device that they carry with them at all times. Some companies even provide certain employees with a company-owned laptop, tablet, or phone for them to use for business purposes. This means multiple mobile devices might be accessing your network from a single employee. Roughly 70% of all security breaches stem from the use of mobile devices. All it takes is an employee downloading an app that has a hidden virus or other Trojan-style software on it, and your system can be compromised.
Potential Solution – The best solution at this point is to employ the use of some sort of network intrusion prevention and detection system. These systems help identify, assess potential threats, isolate those threats, and eliminate them. This is something every company should be using since, regardless of your company’s BYOD policy, employees will always bring their personal devices. Even if they follow all of the company rules associated with the use of company devices, they will not adopt those rules for use over their own devices.
Security Risk No. 4 – The Cloud
Any application that is cloud-based comes with numerous security risks. The fact that these applications can be tapped into at anytime, anywhere makes them extremely dangerous. If an employee uses a cloud service to store files or data, allowing them to work remotely, your network could be at risk. If someone slides a virus or other type of malware onto a device or into a file and it gets into the cloud, it can reach any system that connects to the cloud.
Potential Solution – The best solution goes back to encryption at this point. Ideally, you want to use a 256-bit AES encryption, but anything is better than nothing.
Security Risk No. 5 – Outdated Or Unpatched Devices
Some network devices like routers, printers, and internal servers use firmware or software to operate. This means that these devices require updates, also known as patches, to eliminate vulnerabilities and improve performance. Many security practices state that all automatic patch updates should be disabled, yet many companies fail to manually check for patch updates. This means multiple network devices could be easily hacked into due to outdated security protocols.
Potential Solution – Rather than leaving the automatic update features active on your devices, look into a patch management software to monitor all of your network devices. This software will inform you when new patch updates are available and, if you wish, apply them for you. The best approach is to have your IT person or department create a schedule to check every network system for updated files. If a specific piece of network equipment has not had a new security patch update provided within a certain amount of time (typically 60 to 90 days), that piece of equipment is disconnected from the network and removed until a new security patch is made available.
Security Risk No. 6 – Outsourcing
A lot of businesses outsource several aspects of their company to third-party vendors, for example, POS (Point of Sale) service providers. While this has multiple benefits for the business, it also comes with a lot of risk. A lot of these systems are run remotely by the provider, which means a single representative or agent be responsible for managing hundreds of accounts if not more. This means they likely auto-save the username and password for your specific company and your devices. It could also mean that they are using a single, universal password to cover all accounts. If the device they use gets lost, stolen, or hacked, access to your private information is there for the taking.
Potential Solution – The best thing you can do is ensure that all of your outsourced vendors are using current remote best practices techniques. Ask for proof that their system is secure and that your information is being safeguarded.
About the Author: Norah Abraham has been a freelance writer since 2005. She attended the University of Boston and graduated with a Bachelor in English Literature. She loves public speaking and motivates people in her own comic style. She loves gadgets and techie stuffs. In her career, she has written dozens of press releases, articles, and essays.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.