In the world of IT security, hackers are always busy circumventing cyber defenses, and security companies are always racing to react to these emerging threats. This is simply part of today’s business world, but there are steps you can take to help keep your company data safer, and knowing which mistakes to avoid is the key. Here are 5 mistakes to avoid making with your company’s IT security:
1. ALLOWING EMPLOYEES TO INSTALL THEIR OWN NETWORK.
As computing infrastructures become more diffused and decentralized, keeping machines and data secure becomes more challenging. These days, companies are able to hire and keep the best employees regardless of where they live. All those far-flung devices can become infected with malware that may also infiltrate the company’s network and make off with valuable company data. Mobile devices also are susceptible to data leaks because they can be lost or stolen, as well as more easily accessed by an outsider. When data disappears, financial, legal and reputational problems can quickly follow.
What should you do to help prevent this from happening? Create a secure connection to the company network and ONLY use this network.
To reduce the chance of malware infection, use security software and practice good computer hygiene by using the latest versions of all applications and installing new security patches immediately. It’s risky to rely on employees to take care of updating applications, so activate automatic updates from software makers or use a patch-management tool to distribute updates to remote computers yourself. Installing encryption software is a great way to mitigate potential damage too.
2. ALLOWING YOUR EMPLOYEES TO CHECK PERSONAL EMAIL ON COMPANY COMPUTERS.
The best security technology in the world can’t help you unless employees understand their roles and responsibilities in safeguarding sensitive data and protecting company resources. This will involve putting practices and policies in place that promote security and training employees to be able to identify and avoid risks.
Your company’s security strategy will only work if employees are properly trained on it. Therefore, the importance of providing information security awareness training cannot be overstated. Make sure employees know how and when it’s safe to share information.
An effective security awareness program should include education on specific threat types, including but not limited to:
- Social Engineering
3. NOT REQUIRING AUTOMATED PASSWORD CHANGES.
An important area to address is the importance of password construction and security. Seems minor? It’s not. Believe it or not, password cracking is remarkably easy, particularly for advanced hackers. And this “minor” step that users take every day could make a significant difference in protecting your firm’s sensitive information. Current data shows that it takes up to 16 months on average for companies to notice a security breach. In those 16 months, the bad actors have been stealing sensitive data that will be released into the wild and can never be retrieved.
In the real world, it happens like this. Most usernames are the person’s email address, and 60% of the time people use the same password across multiple accounts. So, if one site gets compromised, your credentials are out in the wild, and with a little social engineering the bad actors can have access to banking, retail, retirement, medical and other sites that have sensitive data. This is why the bad actors are trying to get your social media account passwords: so they can unlock the information about you to get to the really valuable data.
Requiring your employees to change their passwords routinely is a great practice. Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols along with keeping them private should be a part of your company’s policy.
4. NOT HAVING A DATA LOSS PREVENTION SYSTEM IN PLACE.
Keeping sensitive information secure from theft and vulnerability in today’s digital world isn’t as easy as putting a lock on the file cabinet. Email data is stored in ‘files’ on your device, and there are programs that can access and read those files; these programs can even read and display attachments. Rifling through email is the most common activity of malware. It has been reported that only 50% of emails are encrypted and many people are sending credit card and social security numbers via email. When training new employees, you should always give instructions on what should and should not be sent via email.
Programs like Dropbox, Google One Drive, Box and hundreds of other applications allow data to be sent from a network and stored in employees’ personal accounts. No business owner would allow an employee to make copies of company data and store them offsite at will. Yet this is what is happening thousands of times per day. Companies need to implement some form of Data Loss Prevention (DLP) system to protect sensitive data from getting into the wild.
5. USING DEVICES THAT ARE NOT ENCRYPTED.
Data theft is an uncomfortable reality for any modern business. Laptops get stolen, cloud storage accounts get compromised, disgruntled employees steal vital files, and thumb drives get left behind on the train. And with modern devices capable of storing plenty of mission-critical data, the loss of a laptop or phone can have very serious implications for any business – losing vital trade secrets like designs for an upcoming product, the code for an app revamp or the balance sheets for the year gone by can all set you back months, if not years.
According to PC World Magazine, there are 82,000 new malware viruses created every day. The threats are increasing and spreading each year. There is no ONE filter or design to catch them all, so you must have a series of filters.
The best way of dealing with such an eventuality is to implement encryption across all devices you use – from any old Windows XP desktop PC you still use, to the spanking new Windows your business is migrating to, and even to the smartphones your sales personnel use in the field.
Phillip Long, CEO of BIS Technology Group, along with his team of marketing and information technology experts, will walk you through an overview of what your business should be doing to protect your data and plan your digital marketing strategies.
About BIS Technology Group
BIS Technology Group is the technology leader on the Gulf Coast and is comprised of four divisions: Information Technology, Web Design & Digital Marketing, Office Equipment and Business Consulting. Together these divisions help local businesses exceed expectations and allow them to grow to their full potential while minimizing risks. To learn more about BIS Technology Group, visit bistechnologygroup.com.