Security threats. Data breaches. Malware. They’ve never been more prevalent, thanks to the ever-increasing connectedness we all share via the Internet. Following are some scary security threats that could cause nightmares this year, along with how to prevent them.
In 2017, the biggest damage to most people will be caused by ransomware. While it’s easy to block traditional malware by using whitelisting tools like Windows AppLocker, it’s hard to prevent people from damaging their own shared data. Anti-malware is not effective against the 300,000+ new samples found every day. You have to adopt proactive measures like PoLP (principle of least privilege), whitelisting and network authentication to stay safe. Training also goes a long way toward stopping company hacking.
One of the worst security nightmares is stolen bank passwords. When a hacker gets a password to a company’s ETF’s FTP account, bad things happen, like extracting account numbers and personal information about the bank’s clients. In this situation, employee awareness training is key.
Ongoing Data Breaches
Data breaches are increasing in both frequency and size. Billions of records flooding the Internet hurt us all. Sites are frequently compromised by vulnerabilities built into the code. What’s the best way to fix them? Educate developers and stop building vulnerable code in the first place.
A lot of IT teams think they’re secure because they have an IDS, antivirus and proper firewalling across their networks and devices. But they’ve never looked at the logs, or they don’t know where their riskiest data is and how people can access it. Or worse, they don’t even know what they have, such as existing policies or documentation. IT teams need to be educated on the threats that are present and the risk their data holds. Security procedures also need to be built into the culture of the team and company and be regularly reviewed and tested. Security needs to be a core focus of any IT team, not an afterthought.
Everyone is addicted to their wireless devices (smartphones, tablets, TVs, gaming consoles, etc.). People don’t care how they work as long as they do work. But they’re not “totally secure,” even if they’re using secure encryption like WPA2. Networks can be broken into easily, especially if a Wi-Fi password is weak (made up of fewer than 14 characters and based on real words). Make sure Wi-Fi passwords are STRONG, and don’t let your devices “automatically connect” to a Wi-Fi access point. If it’s convenient, it’s probably not that secure. You might have to make two or three more clicks, but that’s nothing compared to the alternative.
Missing What’s Right in Front of You
Missing something obvious like cross-site scripting or injection vulnerabilities? Overlooking simple things like that can lead to someone gaining access to sensitive data that could potentially shut down your entire site and result in serious, ongoing consequences. To protect yourself, create awareness within the organization and train your teams. Conduct third-party penetration tests and share the results with the organization—it can put a spotlight on the risks and bring them home for people.
Security isn’t an afterthought. Or an add-on. Or a reaction. Making it an everyday part of the normal functioning of your company is the right thing to do. And security training is the way to make it happen. For more information, talk to one of the friendly Success Advisors at KnowledgeNet.