[BreachExchange] These Are Some of the Biggest Security Threats Facing Modern Businesses
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Oct 14 15:33:49 EDT 2016
http://alltopstartups.com/2016/10/12/biggest-security-threats-facing-modern-businesses/
Some people would have you believe that as time has gone on, the need for
rigorous business security has gone down. This is wrong! While it’s true
that certain threats have been completely eliminated, crime is always a
constant, and every generation sees a range of totally new corporate
security risks.
Unfortunately, there’s nothing you can really do to stop criminals
targeting your assets. However, you can certainly reduce the risk of any
serious damage by understanding these threats, and taking preventative
measures.
Here, we’ll look at some of the biggest security threats facing modern
businesses, and what you can do to make sure you’re protected.
Your disgruntled employees
The first security risk you need to be aware of is disgruntled employees. I
thought I’d get the worst of it out of the way first. The possibility that
your own workers could have it in for your business can be pretty hard to
swallow, but it’s a very real threat which you have to be aware of.
When a rogue employee is part of your IT department, and has fairly
unlimited access to your data centers, networks and important accounts, it
can lead to some very serious damage. Look at any study into major
cyber-attacks or thefts, and you’ll see that an alarming number of them
were inside jobs.
This can be hard to crack down on, but certainly not impossible. The first
thing you need to do is identify all those privileged accounts which have
the potential to cause a security breach. If you haven’t been paying enough
attention to your employee turnover, then have a big spring clean.
Terminate all those privileged accounts that are connected to people who no
longer work for the business. From there, you need to have a system in
place for constantly monitoring and controlling the account privileges
which could be exploited.
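One way to run the account clean-up described above is to cross-reference a privileged-account export against the HR roster. This is an added example, not part of the original article; the CSV column names, account names and e-mail addresses are constructed for illustration, and it goes slightly beyond the text by also flagging accounts with no named owner, since those cannot be tied to a current employee either.

```python
import csv
import io

# Constructed sample data: an HR roster export and a privileged-account export.
HR_ROSTER_CSV = """employee_id,email,status
1001,alice@example.com,active
1002,bob@example.com,terminated
1003,carol@example.com,active
"""

PRIVILEGED_ACCOUNTS_CSV = """account,owner_email,role
alice-adm,Alice@Example.com,domain-admin
bob-adm,bob@example.com,domain-admin
dave-root,dave@example.com,db-admin
backup-svc,,backup-operator
carol-adm, carol@example.com ,network-admin
"""


def _norm(email):
    """Normalise an e-mail so case/whitespace differences do not hide a match."""
    return (email or "").strip().lower()


def load_roster(text):
    """Map normalised e-mail -> employment status from the HR export."""
    return {_norm(r["email"]): r["status"].strip().lower()
            for r in csv.DictReader(io.StringIO(text))}


def audit_privileged_accounts(roster_text, accounts_text):
    """Return (account, reason) findings for accounts that need review."""
    roster = load_roster(roster_text)
    findings = []
    for row in csv.DictReader(io.StringIO(accounts_text)):
        owner = _norm(row["owner_email"])
        if not owner:
            findings.append((row["account"], "no named owner"))
        elif owner not in roster:
            findings.append((row["account"], "owner not in HR roster"))
        elif roster[owner] != "active":
            findings.append((row["account"], "owner is " + roster[owner]))
    return findings


if __name__ == "__main__":
    for account, reason in audit_privileged_accounts(HR_ROSTER_CSV, PRIVILEGED_ACCOUNTS_CSV):
        print(f"REVIEW {account}: {reason}")
```

Running the same comparison on a schedule, against fresh exports, covers the ongoing monitoring the paragraph calls for.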
Careless and uninformed employees
Another big threat which you have to be aware of is employees who are
simply careless or uninformed, rather than malicious. Someone at your
business who manages to lose a mobile device can often be just as dangerous
as a saboteur.
By the same token, staff who aren’t properly trained in good security
practices can be a big threat. They may use weak passwords, open malicious
emails, or click on links to suspicious websites. While cybersecurity
should be the biggest concern for any business owner in 2016, it’s also
very important to consider physical, “old-fashioned” security risks as well.
Careless employees in an industrial setting may leave keys or sensitive
documents out in the open for criminals to stumble upon and exploit. In
this situation, your best bet is introducing a key tracking system, or
looking into some security guard services.
When it comes to more modern, digital threats, you need to be training your
employees on best cyber security practices, and offering them constant support
wherever they need it.
Schedule a few training sessions outlining the importance of managing
passwords, and how to make it harder for hackers to attack your company
computers.
Mobile devices for work-related tasks
Another big risk you need to be aware of is mobile devices in general,
particularly when you’re running a BYOD system at your company.
Bring-your-own-device systems have made business tech much easier for
small business owners to manage and afford.
However, they’ve also introduced a whole host of new cyber security
threats. When employees are using their own mobile devices to share
important data and access company information, it seriously ups the risk of
data theft.
If your organization has embraced BYOD, or will do in the near future, then
you need to be wary of the increased risk it carries. The only real thing
you can do to mitigate this risk is set out a clear BYOD policy, and make
sure all your employees are sticking to it.
With a clear set of rules in place, your employees will be better educated
on how they’re expected to use their devices, and it will be easier for you
to monitor emails and files which are being downloaded to employee and
company-owned devices.
Effective monitoring will make it easier to understand the risk of mobile
data loss, and pin down exposures if devices are ever lost or stolen.
Third-party service providers
The final security risk you need to know about is third-party service
providers. As time goes on, tech has become progressively more complex and
specialized.
This means that more and more business owners are having to outsource
various technological functions to third party service providers in order
to maintain and support different systems.
One common example is restaurant franchises which need to outsource the
management and maintenance of their POS systems to third-party service
providers. While these third-party providers use remote access tools to
connect to the company’s own network, they don’t always follow the best
security practices.
One common blunder is these providers using a single default password to
connect to all of their clients remotely. In this scenario, a hacker only
needs to get a hold of one password to gain access to every client’s
network.
Many of the most high-profile cyber-attacks of the past few years have been
due to a service provider’s credentials being stolen. These contractors may
not have any malicious intent, but a blasé attitude to cyber security can
end up causing massive damage to your company.
The best way around this kind of threat is vigorous vetting before you
choose to go with any third-party service provider. Make sure that any
third party you consider is following best practices when it comes to
remote access.
Multi-factor authentication, unique credentials for every single user, and
setting least-privilege permissions are all good signs. It’s frustrating to
have a breach due to your own carelessness, but even worse when you’re left
to deal with someone else’s mess!
Take this advice, and you’ll do a lot to reduce the chances of a security
breach at your company. Just remember that as much as you try to protect
it, some security breaches are inevitable. Be aware of all the risks your
company is facing, and have a plan in place for every scenario.