As companies invest in technologies, like mobile or social, their security exposure grows. Mobile, in particular, creates a big challenge for businesses because it creates a scenario where data is accessed outside of the enterprise. Social media also creates a big exposure. Both of these technologies blur the line between personal and business, and as a result, employees don’t always realize when sharing or receiving corporate information on a personal device that they may be inadvertently sharing sensitive information.
Third Party Vendors
In today’s business climate it’s rare to come across a business that doesn’t contract with a third party vendor on some level. Third party vendors offer a multitude of upsides and possibilities, but they also come with an enormous risk exposure. A security breach can result in the company losing or compromising vital business data, financial and regulatory penalties, a damaged reputation, and ultimately a loss in business. To further add to the problem, managing the risk for an entity that is not directly part of your organization can be very difficult.
To reduce this risk, you need to start by vetting your third party vendors. No matter how long you’ve done business with a third party vendor, or how much you trust them, it’s important to assess their security standards and practices on an ongoing basis. Make sure their standards, at a minimum, align with those of your organization, and that they regularly perform internal security audits and implement the latest software patches. You also need to ensure the vendor is performing regular data backups and that they have a redundancy plan in place to avoid interruptions or loss of data in the event of a hardware failure.
Businesses everywhere are being targeted by hackers. Size, type, location, or revenue don’t factor into who they choose to target. What they are looking for is an easy target. So what are the things that make a company an easy target? The most common threat comes from malware, which usually infiltrates the system when an employee clicks on an email link that is part of a scam or visits an untrustworthy website. The emails hackers use to trick employees into clicking a link or visiting a site (known as phishing emails) are very convincing and look authentic. Although this risk also falls under the employee risk category, and needs to be addressed through education, it’s equally important to implement anti-virus and security protection software for all devices and endpoints. This software will provide another layer of protection if an employee does click on a fraudulent link.
Another vulnerability that makes businesses an easy target is having outdated systems, including operating systems and browsers. It’s very important to remain current with your operating system patches, and to be aware of any software or applications you are running that may fall into the unsupported category. Typically, software providers publicize a date for any software they are going to stop supporting. This communication can be a good or a bad thing. It’s a good thing if customers pay attention and take the necessary steps to protect themselves. It can be a very bad thing if customers ignore the announcement. You can bet hackers are tracking these potential vulnerabilities and are looking for ways to exploit them as soon as they can.
Next up in the security suite: “Data Management and Setting a Plan”