Businesses have been aware for many years of the very real threat posed by security breaches, distributed denial-of-service (DDoS) attacks and more, but despite warnings from concerned security professionals about keeping better control over their sensitive data, many small businesses still aren’t taking security as seriously as they should.

If you have a feeling that this may well be you, what can you do to up your game when it comes to protecting sensitive data from security threats? First, you need to look at the most common causes - here are our top three.
1: Resentful or disgruntled employees
A disgruntled member of staff can do a lot of damage to your internal security, especially one who has access to your networks, data centres and IT admin accounts. However hard you try, you’re not going to be able to eliminate staff dissatisfaction, so you need to mitigate the risk by identifying privileged accounts and credentials and deleting any that belong to ex-employees who may have an axe to grind. Privileged accounts should be routinely monitored, and there should also be a protocol in place to track, log and record activity on these accounts so that anything suspicious or malicious can be quickly spotted and dealt with.
2: Human error & lack of training
An employee who leaves their laptop unlocked on a train is just as dangerous as an ex-employee who maliciously breaches your security. If your employees aren’t properly trained in data security, they also pose a risk. Make sure that your employees are up to date on cyber security. Hold regular, mandatory training sessions so that they know the risks of weak passwords and of unencrypted or password-unprotected portable storage, and even basics such as not opening suspicious email attachments.

It’s vital to drive the point home about passwords; they are the first line of data defence, so staff members need to know the basic rules: choosing a password with upper and lowercase letters, numbers and symbols, keeping separate passwords for different sites and devices, and changing them regularly.

Encrypting data is another way of avoiding data breaches caused by human error; even if an employee hasn’t locked their phone, the IT department can render selected data unreadable simply by revoking the decryption keys used specifically for company data. You can then go a step further and use authentication methods such as a One Time Password (OTP), smart card, fingerprint reader or even retina scanning if you need an extra layer of security.
3: Unpatched - or Unpatchable - Devices
If you have hardware such as servers, routers or printers that run software or firmware for which no patch exists for a known vulnerability, or whose hardware isn’t designed to allow automatic updating when a vulnerability is detected, it leaves you open to attack. Out-of-date servers are especially vulnerable; Microsoft no longer supports Windows Server 2003, and with an estimated 10 million or more Windows 2003 servers still in use, outdated servers are prime targets.

Put a patch management program in place to make sure that all of your hardware and software is kept constantly up to date. Vulnerability management technology is available to scan your network for anything that’s out of date, and a policy of taking anything that hasn’t been updated for a long time offline will also minimise the risk.
Do you know where your business is vulnerable? If you need advice on procedures and policies that keep your sensitive data safe, or want to know more about staff training, contact me and I will be delighted to provide you with guidance and advice.