3 Security Threats Businesses and Organisations Seem To Forget

Are you overlooking the obvious threats?

Key Takeaway

Seemingly harmless and less obvious applications or software could be some of your biggest security threats.

Organisations put a lot of time and effort into securing their network: not only man-hours but also the ongoing costs required to keep it secure. An organisation’s worst fear is data loss, or even worse, data theft.

Security loops

A lot of money is spent on hardware to stop this from happening. For example, security measures such as ID passes on building doors prevent unauthorised access to areas of the building where potential data theft could occur. This is all well and good, but there are other areas which many organisations forget.

Have you ever considered that it might actually be the small and insignificant software that may be the doorway into your network, potentially putting all your data up for grabs?

What about current staff? They already have access to the building. What’s to stop them from stealing data? What access do they have on the network?

Memory sticks! I am sure you have heard news of occasions when officials at big government organisations (who have names, numbers etc. on a memory stick) have inadvertently left it behind on a train ride. Do you protect your organisation from such occurrences?

Staff Privileges – the Principle of Least Privilege

Many of you may already know about this idea – the principle of least privilege – which ensures that staff have only the permissions they need to perform the jobs they are employed to do.

Let’s see an example of this.

“A postman should only need access to their vehicle to complete their job. Their job being delivering parcels. They will move the post from the post office depot to your house, nothing more. They will not worry about what’s in your house, or what your neighbour does for a living. The only access they need is to enter their vehicle.”

It’s likely your IT team shares the work allocated, perhaps focusing on specific areas depending on their areas of expertise. Does your Exchange guy really need access to the backup server? Probably not, and on the odd occasion that he does need access, he can speak to your backup guy about it.

Run Vulnerability Scans Regularly to Catch Security Flaws with Outdated Software

Who would put Adobe Flash Player on a list of suspects when your network is hacked? I’m guessing not many. In fact, it should be near the top.

In my company, we have actually removed Flash player completely from our network. In recent versions of Adobe Flash, there were major security risks that came with the software that left our network unsecure.

As I said in the introduction, some organisations forget about the smaller, less obvious applications which could be disastrous in terms of security. Software such as Flash and Java is constantly being updated and patched, so keeping up with this on a network is very important. The issue, however, is that you may find yourself spending all your time keeping the software up to date. This, in itself, could turn into a full-time job!

Memory Sticks – Small but Deadly in Regards to Security

Do you know exactly what your staff are copying to external storage? Is it commercially sensitive information? More importantly, do you actually have anything in place to stop staff from doing this?

In our organisation, we have created a policy that all memory sticks remain read-only unless they are encrypted with BitLocker. This will avoid any embarrassment if removable media is left on the train. Pushed out using Group Policy, this ensures all machines are compliant.
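One way to confirm on a given machine that such a policy has actually landed is sketched below. This is an added example, not the author's own script; it assumes the rule is delivered through the Group Policy setting "Deny write access to removable drives not protected by BitLocker", and the function names are hypothetical.

```powershell
# Added example. Assumption: the rule is enforced with the Group Policy setting
# "Deny write access to removable drives not protected by BitLocker".
# Run in an elevated session on a Windows edition that includes BitLocker.

# Registry value that the setting writes on each machine.
$policyKey  = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
$policyName = 'RDVDenyWriteAccess'

function Test-RemovableWritePolicy {
    # $true only when the value exists and equals 1 (policy enforced).
    $item = Get-ItemProperty -Path $policyKey -Name $policyName -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.$policyName -eq 1)
}

function Get-RemovableDriveReport {
    # One row per mounted removable volume that has a drive letter.
    Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
        ForEach-Object {
            $mount = "$($_.DriveLetter):"
            $blv = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
            # A locked BitLocker stick reports ProtectionStatus 'Unknown', so
            # check LockStatus as well before calling a drive unprotected.
            $protected = ($null -ne $blv) -and
                ($blv.ProtectionStatus -eq 'On' -or $blv.LockStatus -eq 'Locked')
            [pscustomobject]@{
                Drive     = $mount
                Label     = $_.FileSystemLabel
                Status    = if ($blv) { "$($blv.VolumeStatus)" } else { 'Unknown' }
                Protected = $protected
            }
        }
}

$enforced = Test-RemovableWritePolicy
"Write-deny policy enforced: $enforced"
Get-RemovableDriveReport | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or management agent flag the machine.
if (-not $enforced) { exit 1 }
```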

As you can see, I have touched on three seemingly trivial areas, ones which can very easily be overlooked. Yet, it is easy to resolve these security risks and keep your network secure.
