IT Security Risks and Seven Ways To Prevent Them


In my last blog “Q: How Seriously Should You Take Internet Security? A: More”, which did exactly what it says on the tin, I recommended more bespoke and targeted security to prevent more targeted hacking attempts.

Then, as if to prove my point, the US government got hacked!

The US has said it faces a “dedicated adversary” and an “ever evolving threat” to its cyber security. Don’t we all!

The comments, made at a White House briefing on Friday, came after the major data breach that may have compromised the records of four million employees.

US officials have blamed China for the attack and the Chinese have denied any involvement – but who would you blame if such a thing happened to your company or organisation? Cybercriminals are a pretty faceless bunch, but you need someone to point the finger at, right? Well, it’s a bitter pill to swallow, but in most hacking cases the biggest culprit is the organisation that got hacked.

There are 34,529 known computer security incidents every day in the U.S., according to Timothy Francis, enterprise lead for cyber insurance at Travelers. Many of these (around 62%) are breaches of small and medium-sized businesses, which of course don’t get the media spotlight in the way a targeted attack on a government does.

With the smaller companies, blame is pointed squarely at a lack of technical knowledge and at unsophisticated security controls – knowledge and controls that larger retailers and big companies apparently have … yet they still get hacked. In turn, the security controls in place at government level are vastly superior to those of the larger retailers, but as we have seen in the last week or two, they are not immune to a breach either.

It is a serious issue worldwide. For the first time the UK has a minister whose remit is to oversee online security: Joanna Shields (Twitter: @joannashields) was appointed Minister for Internet Safety and Security and is promising innovation, not regulation – a light-touch approach. For your organisation, a light-touch approach is not enough.

According to Trustwave’s 2014 State of Risk Report, a majority of the 476 IT professionals surveyed about security weaknesses said their businesses had no system, or only a partial one, in place to control and track sensitive data.

So, what can you do to better protect yourself and your customers’ sensitive data? CIO.com questioned dozens of security and IT experts and identified six key risks:

Disgruntled Employees (or former employees for that matter!)
Careless or Uninformed Employees
Mobile Devices (BYOD)
Cloud Applications
Unpatched or Unpatchable Devices
Third-party Service Providers
The CIO.com report quoted above is a good read – but what can you do about these risks today?

1 – Re-acquaint yourself with your IT estate. Is there a weak link? See Denis Webster’s blog The Internet of Things – Is This the Back Door You Forgot to Lock?. Is all of your software still supported? For example, on 14th July this year (2015) Microsoft ended support for Windows Server 2003, so if you are running one of the 10 million physical Windows Server 2003 servers still in service you will no longer receive security patches or updates, and every vulnerability found in it from now on stays open for good. Getting to know your IT infrastructure – or having a trusted partner do this for you – mitigates the risk of a cyber-attack through software that has become obsolete and unsupported.

2 – Explore efficient identity management that can secure sensitive applications and data, whether on premise or in the cloud, by identifying users and controlling their access to resources according to the permissions associated with their verified identity. Give each identity only the access its role needs, and revoke it promptly when someone leaves, which also closes the door on the disgruntled ex-employee risk above.

3 – Look into business service monitoring. Virtually every maliciously triggered service failure presents early symptoms; if the right people learn about them in time, the failure can be prevented or the affected service locked down.
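To make “early symptoms” concrete: an attacker trying stolen or guessed passwords against a login service leaves a trail of failed logons well before any account is actually compromised. The following is an added example in Go, not code from this blog or from Pangea, of the detection logic a monitoring rule would run over such events. The log format and the log lines are constructed for the example; a real deployment would feed it Windows failed-logon events (event ID 4625), VPN or web-server authentication logs instead.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

type LogonFailure struct {
	When   time.Time
	Source string // address the attempt came from
	User   string // account that was targeted
}

// Alert is raised for a source whose busiest window held too many failures.
type Alert struct {
	Source string
	Count  int      // failures in the busiest window
	Users  []string // distinct accounts tried in that window, sorted
}

// ParseLine reads one line of the constructed format used below:
// "<RFC3339 time> LOGON_FAILURE src=<address> user=<account>".
// Other event types and malformed lines yield ok == false.
func ParseLine(line string) (LogonFailure, bool) {
	fields := strings.Fields(line)
	if len(fields) < 4 || fields[1] != "LOGON_FAILURE" {
		return LogonFailure{}, false
	}
	when, err := time.Parse(time.RFC3339, fields[0])
	f := LogonFailure{When: when}
	for _, kv := range fields[2:] {
		if parts := strings.SplitN(kv, "=", 2); len(parts) == 2 {
			switch parts[0] {
			case "src":
				f.Source = parts[1]
			case "user":
				f.User = parts[1]
			}
		}
	}
	return f, err == nil && f.Source != "" && f.User != ""
}

// DetectBursts groups failures by source, slides a window of the given length
// over each source's events in time order, and raises one Alert per source
// whose busiest window holds at least threshold failures (worst first).
func DetectBursts(lines []string, window time.Duration, threshold int) []Alert {
	bySource := map[string][]LogonFailure{}
	for _, line := range lines {
		if f, ok := ParseLine(line); ok {
			bySource[f.Source] = append(bySource[f.Source], f)
		}
	}
	var alerts []Alert
	for src, ev := range bySource {
		sort.Slice(ev, func(i, j int) bool { return ev[i].When.Before(ev[j].When) })
		best, start := Alert{Source: src}, 0
		for end := range ev {
			for ev[end].When.Sub(ev[start].When) > window { // shrink until it fits
				start++
			}
			if n := end - start + 1; n > best.Count {
				seen := map[string]bool{}
				for _, e := range ev[start : end+1] {
					seen[e.User] = true
				}
				best = Alert{Source: src, Count: n}
				for u := range seen {
					best.Users = append(best.Users, u)
				}
				sort.Strings(best.Users)
			}
		}
		if best.Count >= threshold {
			alerts = append(alerts, best)
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Count > alerts[j].Count })
	return alerts
}

// sampleLog is constructed for this example, not a real capture: one address
// sprays five accounts in eight seconds; a genuine user mistypes once.
var sampleLog = []string{
	"2015-06-12T09:00:01Z LOGON_FAILURE src=203.0.113.7 user=alice",
	"2015-06-12T09:00:03Z LOGON_FAILURE src=203.0.113.7 user=bob",
	"2015-06-12T09:00:04Z LOGON_FAILURE src=203.0.113.7 user=carol",
	"2015-06-12T09:00:06Z LOGON_FAILURE src=203.0.113.7 user=admin",
	"2015-06-12T09:00:09Z LOGON_FAILURE src=203.0.113.7 user=root",
	"2015-06-12T09:05:00Z LOGON_SUCCESS src=198.51.100.20 user=erin",
	"2015-06-12T09:07:30Z LOGON_FAILURE src=198.51.100.20 user=erin",
	"2015-06-12T09:40:00Z LOGON_FAILURE src=203.0.113.7 user=alice",
}

func main() {
	for _, a := range DetectBursts(sampleLog, 2*time.Minute, 5) {
		fmt.Printf("ALERT %s: %d failed logons, accounts tried: %s\n", a.Source, a.Count, strings.Join(a.Users, ", "))
	}
}
```

The window and threshold are the tuning knobs: too tight and a slow, patient spray slips under the rule; too loose and every typo pages someone. The alert carries the list of accounts tried, because many distinct users from one address is what distinguishes a spray from a single forgotten password.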

4 – Get password savvy. It sounds obvious, but passwords really are your first line of defence. See my previous blog How 53r10u5ly Are Your Employees Taking Endpoint Security? 7 Top Password Tips For Them (And 1 For You). Make sure that your employees use passwords that aren’t easily guessed: long, unique to each service, and not a dictionary word with a capital letter, a digit and a symbol bolted on, which is exactly what cracking tools try first. Changing passwords every month or so used to be standard advice, but forced rotation mostly produces predictable variations of the old one; length and uniqueness matter far more, so use a password management system to make a strong, unique password for every service automatic rather than a chore, and change a password promptly whenever there is any sign it has been exposed.
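Here is what “not easily guessed” looks like as a check, as an added example in Go (not code from this blog or from Pangea). The point it makes: the classic complexity rule (upper, lower, digit, symbol) is satisfied by “P@ssw0rd1!”, which every cracking wordlist contains, while a long passphrase with no symbols at all is far harder to guess. The breached-password list is a tiny constructed stand-in for a real one, and the 12-character minimum is an assumed policy value.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// commonPasswords is a small constructed stand-in for a real breached-password
// list; a deployment would check against millions of leaked entries.
var commonPasswords = map[string]bool{
	"password": true, "letmein": true, "qwerty": true, "welcome": true,
	"changeme": true, "iloveyou": true, "summer": true, "monkey": true,
}

// leet reverses the substitutions people use to satisfy complexity rules, so
// "P@55w0rd" is checked as "password", the word a cracking rule would try.
var leet = strings.NewReplacer("@", "a", "$", "s", "0", "o", "1", "i",
	"3", "e", "5", "s", "7", "t", "!", "i")

// rootWord lower-cases the password, strips the trailing digits and
// punctuation that cracking rules append, and undoes leet-speak.
func rootWord(pw string) string {
	return leet.Replace(strings.TrimRight(strings.ToLower(pw), "0123456789!?."))
}

// MeetsComplexityRules is the classic "8 chars, upper, lower, digit, symbol"
// policy, kept only to show how little it proves.
func MeetsComplexityRules(pw string) bool {
	var upper, lower, digit, symbol bool
	for _, r := range pw {
		switch {
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsLower(r):
			lower = true
		case unicode.IsDigit(r):
			digit = true
		default:
			symbol = true
		}
	}
	return len([]rune(pw)) >= 8 && upper && lower && digit && symbol
}

// Check returns the reasons a password is unacceptable; an empty result means
// it passed. The 12-character minimum is an assumed policy value.
func Check(pw, username string) []string {
	var problems []string
	runes := []rune(pw)
	if len(runes) < 12 {
		problems = append(problems, "shorter than 12 characters")
	}
	if commonPasswords[rootWord(pw)] {
		problems = append(problems, "built on a common password")
	}
	if username != "" && strings.Contains(strings.ToLower(pw), strings.ToLower(username)) {
		problems = append(problems, "contains the username")
	}
	distinct := map[rune]bool{}
	for _, r := range runes {
		distinct[r] = true
	}
	if len(distinct) < 5 {
		problems = append(problems, "too repetitive")
	}
	return problems
}

func main() {
	for _, c := range []struct{ pw, user string }{
		{"P@ssw0rd1!", "alice"},
		{"Alice2015!", "alice"},
		{"warm-lantern-otter-gravel", "alice"},
	} {
		fmt.Printf("%-28s complexity rules: %-5v problems: %v\n",
			c.pw, MeetsComplexityRules(c.pw), Check(c.pw, c.user))
	}
}
```

Run it and the first two candidates pass the complexity rules yet fail the check, while the passphrase fails the complexity rules and passes the check. That inversion is the reason to screen against real leaked passwords and a sensible minimum length rather than a character-class checklist.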

5 – Up your encryption levels. Strong encryption is your best defence against cloud-based attacks. The majority of breaches show that too few organisations use data-level encryption in the cloud to protect sensitive data, that is, encrypting the data itself, with keys they control, before it leaves their hands, rather than relying on the provider’s storage encryption alone (which does nothing once an attacker holds your cloud credentials). Leaving that out is like leaving your back door unlocked.
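What “data-level encryption” means in practice, as an added example in Go (not the blog’s or Pangea’s code): each record is encrypted on your side with AES-256-GCM under a fresh data key, that data key is wrapped under a key-encryption key (KEK) you hold, and only the resulting envelope is uploaded. The cloud store, or anyone who steals your cloud credentials, sees ciphertext; tampering with it or moving it between records is detected on decryption. The KEK is generated in memory here as an assumption for the example; in production it belongs in an HSM or key-management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Envelope is all the cloud store ever sees: the record under a fresh
// per-record data key, and that data key wrapped under the KEK.
type Envelope struct {
	WrappedKey []byte // nonce || AES-256-GCM(KEK, dataKey)
	Ciphertext []byte // nonce || AES-256-GCM(dataKey, record)
}

// seal encrypts and authenticates plaintext under key, binding aad into the
// tag, and returns nonce||ciphertext. A fresh random nonce per call is
// essential: GCM breaks if a nonce is ever reused with the same key.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to nonce, ciphertext or aad fails.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// NewKEK generates a 256-bit key-encryption key. Kept in memory for the
// example (an assumption); in production it lives in an HSM or KMS.
func NewKEK() ([]byte, error) {
	kek := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, kek)
	return kek, err
}

// Encrypt seals one record. recordID goes into the authenticated data, so an
// envelope copied from one record's slot into another's will not decrypt.
func Encrypt(kek []byte, recordID string, record []byte) (Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return Envelope{}, err
	}
	ct, err := seal(dataKey, record, []byte(recordID))
	if err != nil {
		return Envelope{}, err
	}
	wk, err := seal(kek, dataKey, []byte(recordID))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedKey: wk, Ciphertext: ct}, nil
}

// Decrypt unwraps the data key with the KEK, then opens the record.
func Decrypt(kek []byte, recordID string, env Envelope) ([]byte, error) {
	dataKey, err := open(kek, env.WrappedKey, []byte(recordID))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, env.Ciphertext, []byte(recordID))
}

func main() {
	kek, _ := NewKEK()
	env, _ := Encrypt(kek, "customer-1042", []byte("name=Jane Doe;card=4111111111111111"))
	pt, err := Decrypt(kek, "customer-1042", env)
	fmt.Printf("stored: %x...\ndecrypted: %s (err=%v)\n", env.Ciphertext[:12], pt, err)
	env.Ciphertext[len(env.Ciphertext)-1] ^= 1 // one flipped bit in storage
	_, err = Decrypt(kek, "customer-1042", env)
	fmt.Println("after tampering:", err)
}
```

The per-record data key is what makes this an envelope scheme: rotating or revoking the KEK means re-wrapping small keys, not re-encrypting every record, and a leaked data key exposes one record rather than the whole store.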

6 – Don’t go it alone. Get a partner who is aware of current best in class security and the latest threats. Choose someone who will first get to know your business and its needs and identify specific risk areas within your organisation.

7 – Regular training: repeat, repeat, repeat the obvious. More often than not, organisations that were hacked after an employee left his or her iPhone in the back of a cab had given their staff some kind of warning about the responsibilities that come with BYOD (Bring Your Own Device), but usually only once, back at the start. You must continuously train and remind your staff of the risks. The hackers are getting better all the time; you must too!

Security breaches are always big news: either literally, when the US Government or Sony gets hacked and it leads the Six O’Clock News, or big news for your organisation or company when you are breached and have to deal with the disruption and loss of reputation that go with it.

However, despite years of headline-grabbing stories about distributed denial-of-service (DDoS) attacks, rogue employees and security leaks, and the accompanying “talking head” security professionals the media wheel out to say that businesses must get better at protecting their sensitive data, many organisations are still unprepared, or not as well protected as they could and should be, against an increasing variety of security threats.

It could be you next time. Do something today to make that less likely.

Contact Pangea to discover how we can help you to manage, secure, support and maximise productivity for every user, with any device, anywhere, with solutions from the world’s leading remote desktop management, security and support vendors.
