Data Security Issues for the Business World
by Paul Kazlauskas
Security breaches have been making news for years despite repeated warnings from I.T. professionals that many businesses are unprepared for a variety of data security threats. What can companies do to better protect themselves and their customer’s data from security threats? Here are five of the most likely causes of data security breaches and what business can do to protect against them.
1. Bringing your own mobile device to work
Data theft is more probable when employees are bringing their own mobile devices (BYOD) to share data and access company information, especially when they neglect to change mobile passwords. Healthcare facility data breaches may get more exposure in the media about BYOD, but the corporate world is greatly effected as well. Mobile security breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months. As more enterprises embrace BYOD, they risk exposure from those devices on a corporate network in the event an app installs malware that can access the device's network connection.
The solution to this starts with a carefully spelled-out BYOD policy, which includes device monitoring. Monitoring effectively will provide companies with visibility into their mobile data-loss risk, and will enable them to quickly pinpoint exposures if mobile devices are hacked, lost, or stolen. However, employee privacy should still be a concern. To help with employee privacy, companies should implement mobile security solutions that protect both corporate data and access to corporate systems, while also respecting users’ privacy through “containerization”. By securely separating business applications and business data on users’ devices, it ensures corporate content, credentials, and configurations stay encrypted and under I.T.’s control, adding a strong layer of defense to a once-vulnerable point of entry.
2. Unpatched or out-of-date devices
Occasionally, network devices (e.g. routers, servers, and printers) employ software in their operation with vulnerabilities. Either a patch for a vulnerability in them was not yet created or their hardware was not designed to enable them to be updated following the discovery of a particular data vulnerability. This leaves an exploitable device in your network, waiting for attackers to use it to gain access to your data. The solution is to remove any device that can’t be patched to combat security vulnerabilities, even if an incident hasn’t occurred yet. The number one culprit is any device that uses Windows Server 2003.
3. Outsourced service providers
As technology becomes more specialized and complex, companies are relying more on third-party vendors to support and maintain their I.T. systems. Many times, these outsourced partners use remote access tools to connect to the company’s network, but don’t always follow security best practices. Many high-profile and expensive corporate breaches (e.g. Home Depot and Target) were due to a contractor’s login credentials being stolen.
The ability to exploit remote vendor access is something companies should be very aware of when vetting potential outsourced I.T. partners. A thorough questioning session with each potential vendor should occur before allowing any outside vendor to have access to your network. In addition, once a new vendor is selected, it is imperative to disable any third-party accounts as soon as they are not needed, as well as to monitor failed login attempts.
4. Untrained or careless employees
Employees who are not trained in data security best practices and, therefor, are prone to having weak passwords, visit unauthorized websites, click on links in phishing emails, or open unsolicited email attachments pose an enormous security threat to their employers’ systems and data. It’s essential to hold training sessions to help employees learn how to create and manage passwords, and avoid hacking via criminal activity like phishing and keylogger scams. Employees need to be trained on cyber security best practices and should be offered ongoing support, so they better understand how to act and why.
5. Dissatisfied or resentful employees
Internal breaches can be one of the biggest threats facing your data and systems. An I.T. team member with intimate knowledge of and access to networks and admin accounts can cause serious damage if the employee becomes disgruntled. The solution is two-fold. First, identify all privileged accounts that have sensitive credentials and immediately terminate those no longer in use, especially those used by former employees. Second, closely monitor, control, track, log, and record privileged account activity to allow for a quick notification of malicious activity and, hopefully, catch a breach early in the process.
What else can companies do to better protect themselves and their customer’s data from security threats? Please add your thoughts below in the "Comments" section.
Want the latest, best security practices delivered straight to your inbox? Enter your email address in the "Subscribe" area (on the left side navigation).
Download Free Whitepaper ›
Our exclusive "Guide to Choosing a Visitor Management System"
Posted on 10/18/2017