Home » Technology » Security Transformation » Biggest Security Network Risks
Going into 2017, many businesses remain unprepared for a huge variety of security threats.
It is clearly in the interests of all involved that firms do all they can to shore up networks, not least to safeguard the confidential data of customers, employees and employers.
Below are three stand-out areas in which organisations need to be on the lookout for potential gaps through which security may be compromised.
Malicious behaviour: One of the greatest dangers to most companies comes from the close quarters – employees themselves. If a company harbours disgruntled workers, they may cause damage if they are so inclined. Members of an IT department with access to data centres, networks and administration files will pose the greatest threat.
To mitigate dangers, try to do all you can to keep staff happy and motivated in their jobs. As a backup, ensure you know which workers have privileged accounts and credentials, and try to monitor all activity through these accounts, with an alarm system in place that can allow for a quick response to any potentially nefarious or unusual behaviour. Terminate any profiles that are out of date or no longer in use.
Carelessness: We are all guilty of walking away from our computers without locking them, while many workers are untrained in broader best security practice. The use of open web connections, poor passwords, and the opening of suspicious emails each poses a huge security risk to the firm at large, and all associated with it.
Education is the keystone to mounting a serious and sustainable campaign against carelessness. Cyber security best practice must come first, with its importance emphasised to new staff as part of onboarding programmes.
Many do not know how to protect themselves online, and complacency often creeps into staff who have been with a company for a long time. Training and refresher sessions must be held regularly so that staff are engaged in the threats that are relevant to them, such as phishing and keylogging scams. Above all, strong passwords on all devices are essential, and these need to be changed every one or two months through a password management system.
Employees using mobile devices pose a high risk to organisations, especially when company data is shared. As the culture of BYOD continues to grow and integrate into our daily lives, this danger is only going to increase.
Taking advantage of lower security measures on personal handsets, hackers can more easily circumnavigate firewalls to get inside the corporate network, where they can install malware or other Trojan software.
To offset the risk, firms must have a clearly established policy on BYOD to ensure that employees are fully aware of expectations and, moving forward, consequences should security obligations go unmet. IT admins themselves need to improve monitoring so safeguards can be implemented against potentially harmful documents being downloaded. With higher profiling of BYOD risks, the dangers can become part of everyday working conversation, ensuring that a culture of awareness develops.
The increasing complexity of technology has brought much custom to vendors, as firms seek specialist support to maintain in-house systems and networks. This takes a great deal of pressure off the outsourcing companies themselves, but it can open the door to unexpected problems.
Third parties usually rely on remote access tools to access corporate networks, which is fine so long as best practices for security are adhered to. Unfortunately, this doesn’t always happen. Vendors sometimes use a default password to connect all of their clients, which makes for easy pickings for dedicated hackers.
The danger this presents is increased because organisations are too trusting; they fail to vet third parties before permitting them into their networks.
Ultimately, firms must do all they can to ensure third party validation, checking that any authorised usage of company systems is carried out using best practice. Multifactor authentication and unique credentials for individual users are both key in this regard. IT administrators within companies themselves need to ensure that third parties are afforded the narrowest permissions available, so that access is only granted where absolutely necessary.
As soon as external parties’ accounts are no longer needed, they should be deleted and monitors should be put in place to watch for any further attempts to access the network via these old login credentials.
The greatest danger to business networks today is simply that many bosses fail to recognise the threats online security involves. The best starting point is to appreciate that a breach is a matter of time, and that no organisations can afford to be complacent.
Furthermore, the battle in online security is ongoing. It is not a situation that can be addressed by implementing one or several measures. Rather, safeguarding digital health is about continually analysing results then reassessing and implementing new approaches, so that procedure and best practice are supported by a security-conscious culture that continually prioritises network safety across all business operations.