While using leading cybersecurity software is highly beneficial to preventing cyber-attacks and reducing risks, there are some things your company may be doing inadvertently to compromise security. In a world of ever-advancing technology and development, many company leaders often get lost in the bustle and get swept up in the sea of popular buzzwords at any moment. They forget about the simple, fundamental information security risks present in everyday business; the security holes that constantly lead to breaches that invariably lead to loss.
These are 15 significant reasons that many businesses' security gets compromised today -- and they're all preventable.
Out of Date Software
Often the employees will try to keep their software updated but are thwarted by overactive security protocols that don't allow them to do so. Companies tend to neglect simple software updates; this can and will develop into a massive security hole over time. Software should be checked for updates daily; it only takes a couple of minutes for most systems.
Tell us what you're looking for and we'll offer you personalized software recommendations.
Refusal to Upgrade to Newer Software
While failing to update software is an issue of negligence, refusing to upgrade your cybersecurity software to newer, better products are just as heinous an error. Not only are many security risks due to vulnerabilities in specific applications, but productivity is also to consider. Some products are better than others, and many are cost-free (like web browsers).
Poor to Non-Existent Spam Filtering
It's frightening to see how many businesses still go on with a total lack of proper spam filtration, and many supposedly protected aren't far off. With products available like Google Mail for Business, there's no reason to allow spam to threaten your business continuously.
Users Opening Unsafe Email Attachments
While threats like this can be mitigated by effective anti-virus and anti-malware software, they're still threats. Allowing employees to open and run executable files sent to them from external sources is always a bad idea.
Employees Taking Company Data Home
The worst security breaches in history have been at the hands of trusted employees. Many companies think allowing their people to take their work home with them is standard practice. There is no end to the problems with this practice. People can be compromised, and while they may work for the company, their families don't a. Even an employee's child can access sensitive information alone with a company computer.
Loss of Data Storage Devices
Even assuming that employees will act in the company’s best interest and take home with them, there is no accounting for crime, disaster, or accidental loss. Cars are often broken into for the laptops contained within, and many USB thumb drives have met their end in a crosswalk or been found by unwary bus travelers after falling out of their owners' pockets. Even if it's thought to be destroyed, devices can often yield information for data-recovery efforts. Company data is best left on company grounds.
Loss of Controlled Access Badges
Companies smart enough to secure their buildings often let down their guard after the fact. Unfortunately, controlled access becomes easy to access when a company no longer monitors who uses the access badges to gain entry. Loss of these badges needs to be kept to a bare minimum, and employees need to report these losses swiftly to ensure not only information security but the physical security of the company assets.
Unfettered Personal Web-Browsing
Unlike allowing employees to download and open executable files in email attachments, uninhibited web browsing is a massive hole in information security for any company. Firewalls should be set up to disallow access to sites known to be malicious or deemed too risky for the users to behave responsibly. Many products are equipped with self-updating lists of these threats.
Poor Physical Security for Equipment
This can be as simple as locking the server room door or, in many cases, having a separate, locked server room. Many companies fail to understand the importance of maintaining their data’s physical security and securing the data itself. For many of these companies, it can be easier for an individual to enter the building and interface with the system in person than to gain access through the network.
Outsourced IT Support
Many companies outsource IT support staff, not because it's more efficient but because it's more cost-effective. This is akin to handing not just the keys to your house over to strangers but all your bank account information too. Outsourcing has little to no accountability, and dealing with your company's information security is an unacceptable risk.
Employees Not Trained in Proper Information Security Practices
One of the biggest mistakes companies still makes today can easily be remedied by proper employee training and better education. Teaching employees exactly why they must follow information security protocols can help ensure they follow those protocols when the boss isn't looking.
Employees' Passwords and Screens Not Policed
Unfortunately, even with good instructions on information security, employees will always relax over time. Companies must ensure that their employees are always mindful of the absolute basics; locking their screens away from their desks and using strong passwords. They need to be required to change their passwords frequently, as well -- at least every 90 days.
Off-Site, 3rd Party Data Storage
We're not about to say that off-site, 3rd party data centers are wrong. Companies should be mindful, however, that using such facilities is inherently a risk because their data is no longer in their hands. They should be sure to choose which data centers to entrust their data to very wisely since it takes only one criminal or negligent employee at the data center to put multiple companies at risk all at once.
Improper Disposal of Information
Most companies are under the impression that they have a paper-shredding policy when their employees rarely shred anything due to the extra work involved. Companies should police their employees to ensure that no paper is ever disposed of without at least shredding it first. This ensures that no sensitive information can ever be recovered from the trash bins or disposal facilities.
Lax File Permissions
One of the most often overlooked information security practices is proper to file permissions. There isn't any reason for most employees to be able to change or even read a significant portion of data. This data should be protected by limiting users’ read/write access rights. For most files, that means only superuser accounts should have access.