If you’re running a business that relies on your IT, you understand how important the security of your network truly is. However, you may not realize exactly how many ways a network can be vulnerable to threats. What follows is but a small sample of the different data security vulnerabilities your business may deal with, and how best to resolve them.
- Insecure Passwords: While it really should be common sense not to use “password” or “guest” as your password, more people than you know have pretty easy-to-guess passwords. The Best Practice: Set up measures and protocols requiring a more complex (ideally randomized) series of case-sensitive numbers and letters for all user passwords.
- Sub-par Antivirus: Anything less than total antivirus protection simply is not enough, and manually managing it from each workstation can be tedious, posing opportunities for failure. The Best Practice: Centrally manage your antivirus software, deploying it from the server to all workstations and kept up to date daily.
- Disabled Security Measures: You’ve managed to put together a seemingly airtight digital security system - until one of your employees gets sick of having to jump through hoops and figures out how to circumvent them, giving intruders an open door. The Best Practice: Withhold permissions to change security settings from your employees, and provide regular security awareness meetings.
- Missing Security Patches: That “New updates are available” message keeps popping up, and you keep ignoring it thinking “I can’t right now, I’m too busy”. Next thing you know you’re 3 patches behind and your computer is really slow....hmmm. The Best Practice: Make time to update your software and apply security patches. Schedule a block of time, at least every week dedicated to pc maintenance.
- Out of Date Networking Equipment: Of course, there is only so much you can do to keep files secure while using out of date firewalls and older routers. The Best Practice: Replace physical firewalls and routers every 4-5 years for the highest security measures.
- Spam: “YOU’VE WON!!! CLICK HERE TO CLAIM YOUR PRIZE!!!” While it would be nice if it were true, emails like this are obvious examples of spam - although some employees might not realize this. The Best Practice: Spam-blocking software can help to stop most, if not all serious problems, as long as it is kept up to date.
- Phishing Attacks/Calls: This form of attack is easily one of the most irritating and distracting you could have to deal with during your day-to-day operations, and unfortunately may only be averted through educating your employees. The Best Practice: This ties back into the regular security awareness meetings recommended above. There’s always something new to warn employees about, and being dedicated to spreading awareness is more of an investment on your part than a cost.
- Unused User IDs: If you aren’t diligent about deactivating user accounts when an employee leaves your employment, you risk leaving a largely unmonitored doorway directly into the system. The Best Practice: Deactivate user accounts as soon as possible after employment ends to reduce the risk of the login credentials being passed along. Shared credentials in any form should also be changed.
- Public WiFi: If an employee happens to access a company file remotely, using a typically unprotected public signal, they are potentially throwing the digital doors open to security threats, leaving your data exposed and vulnerable. The Best Practice: Reinforce that equipment is only to be used on safe, secure hotspots, and still utilize a VPN.
- Mobile Data: This presents largely the same potential problems as public WiFi signals - how safe are they, really, from security threats? The Best Practice: Implement a BYOD policy, and store data in a centrally-accessed, controlled environment exclusively for users.
- Excessive Permissions: When Jimmy the intern has the same data access as the CEO of the company, there’s a larger risk of information leaking out that shouldn’t. The Best Practice: Implement user restrictions through individual access permissions. This keeps access exclusively in the hands of those network members who need it.
- Open Physical Connections: All the passwords in the world won’t stop an on-site hacker from downloading information or uploading malware to an open connection, especially if a workstation is left unattended. The Best Practice: Control this by enforcing domain policies and restricting firewall and network access. Locking the workstation when moving elsewhere certainly doesn’t hurt, either.
- Hardcopies: Speaking of things passwords can’t stop someone from reading, hardcopies are very difficult to keep secure. This is especially true when they are left unattended or misplaced, potentially leaving anyone passing by privy to the contents.The Best Practice: Going paperless keeps this from becoming an issue in the first place, so it is wise to digitally manage your data.
- USB Drives: As handy as it is to have a thumb drive in your pocket to carry around your critical files, they are remarkably easy to lose - allowing your data to fall into some unknown person’s hands.They also can serve as a means of direct transportation to your servers, skipping right over any firewalls you have in place.The Best Practice: Prevent use of USB ports using administrative passwords (built in function for windows PCs) and set up secure cloud storage/sharing based on user permission levels.
- USB Devices: While yes, this entry would also include the USB drives, there are other USB devices that also come with threats attached. Data (especially the malicious kind) can also be stored on items as seemingly benign as a digital picture frame. The Best Practice: As stated above, control USB access through administrative passwords and whats allowed to be plugged into certain ports through group policies. If an employee request the use of a specific device, such as a special mouse, incorporate a security check into your BYOD program for non-networked equipment.
- Uninformed Employees: No matter what steps you take to secure your network, it will be useless if your employees aren’t educated in the new procedures. After all, if they don’t know about the things they shouldn’t do, why would they stop doing them? The Best Practice: People don’t know what they don’t know. Practice diligence in educating your employees. Remind them of policies and hold mandatory review seminars.
This is why your business’ network security should have top of mind priority, as hoping nothing will happen doesn’t do very much good once something does. Again, implementing these policies won’t make your network immune from security risks, but they will help fill some holes in network security. As threats evolve your security needs to as well.