Security breaches have been a popular news item over the last couple of years. Despite the headline stories about security leaks and hacker attacks, many businesses are still unprepared and are not properly protecting their data from a variety of security threats. According to Trustwave’s 2014 State of Risk Report, 476 surveyed IT professionals said a majority of businesses had no plan or only a partial plan in place for controlling and tracking sensitive data.
So what can your company do to better protect your data and your customers’ sensitive data from security threats? Take a look at four reasons your company data may be at risk and the solutions to protect your important data.
Risk #1: Careless Employees
A careless employee who forgets his unlocked laptop in a taxi is as big a risk to a company as a malicious hacker. In addition, employees who are not trained in security best practices, who have weak passwords, or who click on suspicious links pose an enormous security threat to your company systems and data.
The solution: Train employees on security best practices and offer ongoing training and support. Some employees may not know how to protect themselves from online threats, unknowingly putting your business at risk. Training sessions are essential to help employees learn how to manage passwords and avoid phishing scams.
You’ll also want to make sure your employees have strong passwords on all devices, including laptops, tablets, and smartphones, because passwords are your first line of defense. Strong passwords include upper and lowercase letters, symbols, and numbers. Remind employees it isn’t best practice to use the same password for each registered site. Using a different password for each site and changing that password every 30 to 60 days is essential.
Risk #2: Disgruntled Employees
Right along with careless employees is the risk of disgruntled employees. Internal attacks are one of the biggest threats facing your data and systems. Disgruntled employees, especially those on the IT team with knowledge of how networks work, access to admin accounts, and access to data centers, can cause serious damage, both to your data and your company reputation.
The solution: Mitigate the risk of privileged account exploitation by identifying all accounts and credentials and immediately terminating those that are no longer in use or those connected to employees no longer at the company. You’ll also want to closely control, manage, and monitor all privileged credentials. Companies should also implement the necessary protocols and infrastructure to track, log, and record account activity to allow for a quick response if there is any malicious activity.
Risk #3: Unpatched or Unpatchable Devices
Unpatched or unpatchable devices are routers, servers, and printers that run software or firmware as part of their operating system, but for which a patch for a vulnerability was never created or sent. The hardware could also be designed in a way that does not allow patches. This leaves the devices vulnerable on your network and gives attackers an open invitation to use them to access your data.
The solution: Start a patch management process to ensure that devices and software are always kept up to date. The first step is to check your technology and look on your network to see what is and what isn’t current. You can do this with vulnerability management technology. Then, ensure there’s a policy in place where all employees agree not to use a certain piece of equipment if the patch is outdated.
Risk #4: Mobile Devices
While mobile devices, like smartphones and tablets, make working remotely easy, data is highly vulnerable to theft when employees use mobile devices, especially their own, to share and access data. According to a BT Americas study, mobile security breaches have affected more than 68 percent of global companies in the past year.
As more employees use their own smartphones and tablets to get work done, companies face a risk of exposure from those devices if the device installs an app with malware or Trojan software.
The solution: Ensure there is a carefully planned policy in place about using personal mobile devices for business operations. With a mobile device policy in place, employees can become educated and companies can better monitor emails and documents that are being downloaded to mobile devices. Monitoring will provide companies with the opportunity to see into their mobile data risk and quickly pinpoint any exposures.
On a similar note, companies should implement mobile security solutions that protect both corporate data and access to corporate systems, while still respecting user privacy. This will ensure that corporate data and configurations stay encrypted and under your IT department’s control, adding an extra layer of defense against hackers.
Don’t leave your important company data unprotected. Get informed about the above risks and then take the steps necessary to ensure your data is safe and protected.