Thursday, June 11, 2015

Top Security Mistakes To Avoid In The Office

Experts estimate the recent IT security breach at Target cost the company $148 million. At the same time, the Heartbleed vulnerability put millions of users at some of the world’s most popular sites in danger of having their passwords compromised.
While these events have gripped the headlines, most data breaches are not the result of pervasive software problems like Heartbleed or sophisticated, large-scale attacks. Instead, they are caused by vulnerabilities created and worsened within the target enterprise itself.
IT security does not come from any one policy or piece of software. Instead, business leaders should imagine it in terms of “deep security,” an environment where multiple forms of protection combine to safeguard crucial assets. In many cases, assets are compromised by human error long before an attack takes place.
Everyone in an organization has a role to play when it comes to data security. Leaders whose teams interact with sensitive data on any level must be prepared to recognize and take action against security problems even if their duties are far outside the scope of conventional IT.
Let’s consider the top office security mistakes:
1) Not Being Alert to Physical Security
Automated safeguards, such as firewalls, can lull workers into underestimating the risk of having their data physically accessed. One of the most common physical security blunders is leaving passwords written down on sticky notes on or near computers. Desks and office doors should be securely locked after hours.
2) Not Securing USB Drives
It is easier than ever to carry work from one computer to another using USB “flash” drives. However, convenience has a price: Viruses can travel from home computers undetected. The most secure environments ban USB drives entirely. If drives must be used, make sure they have on-board virus protection and use passwords in case they are lost or stolen.
3) Not Using Appropriate Safeguards With “BYOD”
Now that more than half of all American adults own smartphones, “Bring Your Own Device” is a reality in many workplaces. A patchwork of different private devices can cause all kinds of security headaches, so ensure all devices are equipped with basic safeguards before they can access your network. Most importantly, insist on a modern antivirus program set to check for updates daily.
4) Not Purging Data from Old Equipment
Most hard drives do not completely erase deleted information, but instead wait for that data to be overwritten as new data is created. As equipment reaches the end of its life, it should go through a thorough disposal process. Formatting a computer isn’t enough: also make sure specialized software is used to overwrite your deleted files with “junk” data that makes your information impossible to retrieve.
5) Not Using Appropriate Encryption
The connection between your corporate intranet and the wider Internet needs a strong firewall, of course, but safety doesn’t end there. Any and all connections by employees working remotely must be encrypted as well. As recently as 2012, more than half of all “data harvesting” attacks by hackers targeted data in transit, including data on its way to off-site employees.
6) Not Keeping Employees Up to Date
“Phishing” is a global dollar criminal enterprise because people routinely fall for it, handing passwords, bank accounts, and other sensitive data to suspicious websites. Employees must be trained to spot the signs of data collection attacks by email, instant message, and even by phone so they will not inadvertently cause a crisis.
Creativity and vigilance are the cornerstones of IT security in the modern workplace. Motivating every member of the team to see security as a vital part of daily operations will improve your security posture enormously.
