As the onslaught of cyber-attacks continues, we must maintain awareness of the evolution of new threats. Some threats arise in new forms, while others continue as before, but perhaps with slight modifications. This article serves as a reminder for us to remain ever vigilant in our quest to remain a step ahead of cyber-attacks. It also contains some recommended network security best practices aimed at reducing your company’s exposure and risk of attack.
You may find it challenging to develop comprehensive network security solutions that address all of these (and more) threats with your current resources. If this is the case, you should consider outsourced network management as a solution to minimize the risk that your company falls victim to cybercrime.
As the title suggests, your company’s network and employees could be an easy cybercrime target if you recognize any of these characteristics in your company.
1. Outdated Authentication Requirements
As cyber-attacks become more sophisticated, most IT professionals consider single-factor authentication (SFA) an insufficient barrier. Although most companies are still using SFA, the trend toward multi-factor authentication (MFA) is increasing.
Most companies using SFA require a combination of user ID and password for entry to the network. SFA is insufficient to prevent a data breach simply because it provides only one barrier to network access.
Use of MFA provides superior protection against unauthorized network access. In addition to user ID and password, MFA adds further barriers. Examples include ID technologies such as retina scanning, fingerprint matching, or code transmission to another device or email address.
Businesses can gain additional protection against a data breach by ensuring employees use long and complex passwords. Using password management software helps make the passwords easily accessible to employees while making them difficult for a cybercriminal to retrieve.
2. Use of Public WiFi to Transmit Confidential Data and Information
Many users believe that if a public WiFi is password protected, then the connection is secure. This is simply a false belief. Cybercriminals in many situations find ways to intercept data transmissions or download files to other computers using the password-protected WiFi.
To limit your risk of a data breach while using public WiFi, you need to verify the level of security protection provided. You can further limit this risk by accessing your network through a VPN connection.
3. Your Company Experiences High Employee Turnover Rate
When a company experiences a high employee turnover rate, the level of exposure to cyber-attack and a data breach increases for several reasons.
- If the company allows BYOD usage, every new employee who brings personal devices brings potential cyber threats with them. A good BYOD cybersecurity protection protocol will include scanning all employee-owned devices routinely with appropriate antivirus (AV) and anti-malware (AMW) software.
- High turnover increases the chances of enlisting an employee who demonstrates ‘rogue’ behavior, which means the employee operates with little regard for company policy. You can limit exposure to this risk with solid background checks, which include specific investigation of this issue with past employers.
- Frequent employee turnover presents difficulty maintaining employee cybersecurity training. When the training schedule falls behind, the company’s exposure to cybersecurity threats increases.
While circumstances may prevent significant reduction of the employee turnover rate, your business needs to remain aware of the increased data breach risk this situation imposes. You can then respond in ways that reduce exposure.
4. Out of Date Cybersecurity Software
You can reduce your company’s exposure to emerging cybersecurity threats by updating cybersecurity software as new versions become available. Companies can make this process more efficient using dynamic real-time updates as described in a previous CIS blog post ‘x’.
5. Infrequent Data Backup
A company’s exposure window to permanent data loss expands between data backup events. Automating data backup at frequent intervals reduces exposure to permanent data loss in the event of a cyber-attack.
The type of data backup also affects the risk of permanent data loss when a data breach occurs. For example, data backed up to drives that reside in the primary network carries greater risk of permanent loss than data backed up to a source independent of the primary network.
6. Use of Email Links to Access Sites with Confidential Data
You should use caution when linking to financial accounts or e-commerce sites through email. Some phishing emails appear as authentic communication from financial institutions and include links to the fake institution website. Never click on email links to websites that contain confidential data. You should enter those websites directly to avoid connecting to a malicious website.
7. Lack of Endpoint Security
Your network needs protection from all endpoints that connect. Adoption of BYOD policies increases the risk of cyber-attack and complexity of network security. If your company maintains a BYOD policy, you need to perform a thorough cybersecurity assessment related to all personal devices used on the network. Additionally you should assess your company’s policies and protocols for managing cybersecurity risk as related to BYOD.
Use of IoT (Internet of Things) devices also increases network security risk. A recent CIS blog post ‘Network Security: How Vulnerable Is Your Business?’ provides discussion on this topic.
8. Connected External Systems
Modern businesses connect to a variety of systems to conduct business more efficiently with suppliers, outbound distribution centers, and customers. As your company extends network access to external parties, you need to ensure cybersecurity protection maintains pace. Accomplishing this objective requires knowledge of the external systems’ threat protections. You should understand how data is ‘secured’ coming and going between sites. For example, you should always encrypt data before transmitting and receiving.
9. Lack of IT Cybersecurity Framework and Standards
How do your security framework and protocols address protection against the types of cybersecurity threats outlined in this article? Specifically, you should ensure your company maintains an IT Security Framework and the associated Standards that clearly account for:
- Data Encryption
- Disaster Recovery
- Policies (e.g. BYOD usage, etc.)
- Enforcement for breach of security protocols
Without this framework in place, your company’s exposure to cyber-attack remains high.
10. Lack of Employee Training/Awareness on Cybersecurity Issues
When employees lack understanding of the types of threats and of cybercriminals’ motivations and motives, the risk of attack is high. Training is essential for new employees, and updates should occur frequently.
Your employees need to understand all of the types of cyber threats in circulation as well as your company’s IT Cybersecurity Framework.
Does Your IT Strategy Adequately Address Cybersecurity?
While this article focuses on cybersecurity, we realize that a company cannot successfully address cybersecurity in isolation. All cybersecurity measures your company adopts need to prove feasible to implement without significant interruption to your business workflow. You may find it challenging to meet this objective. You may realize the need for a cybersecurity assessment but not have the requisite talents and experience on staff. In this case, we recommend you contact an IT MSP to help you determine your level of exposure and protection. A competent IT MSP can recommend and help you implement improvements to ensure your company can operate with sufficient cybersecurity protection.
…CIS can help…