[BreachExchange] 4 Glaring Security Issues Placing Data at Risk

Audrey McNeil audrey at riskbasedsecurity.com
Fri May 5 10:07:05 EDT 2017


In 2016, we learned that no enterprise, no matter how large and profitable,
is safe from the hands of cyber thieves. Massive DDoS attacks brought the
likes of PayPal, Twitter, Spotify, Yelp, CNN, HBO, Fox News, and other
major service providers to their knees and lasted for several hours. Yahoo!
was hit by yet another data breach that saw a significant number of
customers close their Yahoo! email accounts. Other big multinationals such
as Verizon, Hewlett-Packard, and Oracle were also not spared in separate
hacking incidents.

Intruders and eavesdroppers are not restricting their affairs to the
internet. Cell phones and IP PBX systems have also become targets for data
and information thieves. Eavesdroppers who manage to get into your phone
can read your texts, record phone calls, and even track the phone’s
location. In fact, as the following infographic from Ooma shows, it’s never
been easier for hackers and government agencies to get into your phone.

For startups, any form of potential security threat is enough to send
customers to competitors, which contributes to the high number of startups
that fail within their first few years. Here are some of the most common
issues that place startups – and really every other business – at risk of
data breaches.

1. Poor password habits

In many instances, passwords are the first line of defense when it comes to
cyber security. However, many startups often rely on default username and
password combos to secure their IP PBX systems, VoIP, internet portals, and
networks. Many startups will often install new systems and leave these
passwords for months, creating fertile ground for cyber attacks.

In addition to strong passwords, experts in cyber security always advise
startups to put in place two-factor authentication protocols. Two-factor
authentication requires users to provide an additional security measure in
addition to passwords, for instance, a code sent to a mobile app or a phone
call with an authentication code. This ensures that even if hackers gain
access to your passwords database, access is still limited.

2. Insufficient physical security

Sometimes, it doesn’t take a special piece of code and hacking tools to
break into your system. In some cases, breaking into a local network can be
as simple as walking into a server room and copying valuable data into a
thumb drive. Early-stage startups often overlook the importance of physical
security, which can be devastating for startups that deal with a lot of
customer data.

Access to server rooms and other central data storage areas should be
restricted to only those with relevant access permissions. Startups should
invest in tools such as biometric access control systems in addition to the
regular software-based safeguards for maximum security.

3. Insufficient knowledge within the enterprise

Even with the best security systems in place, startups can still be
vulnerable to security breaches. Employees without the necessary technical
skills can open doors for hackers and eavesdroppers without their
knowledge. Plus, because many startups often work with remote freelancers,
people without knowledge on best security practices can place customer data
and information at risk every time they access remote databases and servers.

Startups should always invest in training employees so that they understand
the dos and don’ts when it comes to cyber security and protecting sensitive

4. Failure to install updates and patches

Every piece of hardware and software installation is always vulnerable to
cyber attacks, no matter how new and shiny it is. There are always
undocumented vulnerabilities with every new piece of hardware, including
the latest PBX and IP VoIP systems. Manufacturers are always testing and
making updates to firmware as these vulnerabilities are discovered after
the product has been launched into the market.

Most startups – and many of us individually – are guilty of skipping such
updates on a regular basis. As a result, hackers exploit these
vulnerabilities to gain access to systems, placing sensitive customer data
at risk.

Bottom Line

As an entrepreneur, the best thing you could do for your early-stage
startup is to ensure you get it right from the beginning. Customers are
more likely to do business with a brand that goes out of its way to
guarantee the safety and security of their personal information. Always
stay on top of things with regular security audits to ensure your security
system is updated and protected from future security threats.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170505/efe26320/attachment.html>

More information about the BreachExchange mailing list