Do you ever feel as if you’re under attack? As a business owner, one of your constant fears may be a security breach that could negatively affect your company. Consider the harm that was recently done to Ashley Madison. The website that promotes having an affair was recently hacked, with users falling prey to personal information being leaked to the public.
While your particular business may not be a “dating” website, you still may run the risk of being targeted, and therefore should discover how to avoid certain threats. You may never find yourself actually needing protection, but isn’t it better to be safe than sorry?
Watch out for angry employees
Believe it or not, internal attacks are one of the biggest threats that face your data and systems—be careful who you trust.
Employees (especially those in the IT department) who have knowledge of your company’s networks, data centers and admin accounts can cause a lot of damage. You remember the Sony hack that took place last December. Did North Korea really breach the system? Or was it an inside job?
To avoid this situation, it will be important to identify all of your privileged accounts and credentials and terminate any and all that are no longer in use or connected to employees that are no longer with the company. As well, you should closely monitor, control and manage these privileged credentials to avoid possible exploitation.
Watch out for mobile devices
If employees are using personal mobile devices to share data, access company information or neglect to change passwords, then data theft becomes quite possible. Referred to as “BYOD”—Bring Your Own Data—companies who allow this can risk exposure from devices on the corporate network when an app installs malware or other Trojan software that can access the network connection.
To protect your company, make sure you have a policy in place for the BYOD method. Employees need to be educated on this policy, understanding what can and cannot be done on their own devices while at work. Companies should also monitor emails and documents that are downloaded, as well as implement mobile security solutions.
Watch out for third-party service providers
Some companies rely on outsourcing and vendors to help support and maintain certain systems. For example, restaurant franchisees often outsource the maintenance and management of their point-of-sale systems to a third-party service provider. Unfortunately, these third parties use remote access tools to connect to the company’s network, but don’t necessarily follow appropriate security measures. This can result in hackers gaining passwords to various networks.
When employing third-party providers, make sure that the best security measures are practiced. It’s also a good idea to enforce multifactor authentication, such as requiring unique credentials for each user. And don’t forget to disable third-party accounts as soon as they are no longer being used.
Click here to read the latest edition of Business Review USA!