Despite the great effort of IT managers, many security incidents are the result of simple errors that could have been easily prevented. So that your company does not become a statistic, look at this list of the top security mistakes and make sure you don't make them.
1. Unprotected wireless networks
Wireless networks represent the most common security vulnerability in most companies. Think about the volume and importance of the information transmitted by wireless networks in just one day: point-of-sale transactions with credit cards, emails detailing internal company information, remote workers accessing the company's database, instant messages... and the list goes on.
The problem with wireless networks is that they cannot be physically protected. With the right device, anyone can sit outside an office building and intercept valuable wireless traffic, or connect directly and access the company's systems.
What to do: Luckily, there is a fairly simple and effective solution. Apply better encryption protocols on your wireless network or choose better wireless encryption, such as WPA. For portals that need to remain open (for remote VPN access, for example), be sure to apply a secure authentication strategy.
2. Weak passwords
We know: choosing strong passwords is cumbersome. We have so many passwords for so many things, and remembering a complicated series of characters is difficult. So many of us take the shortcut of using the same password for years or choosing a simple one that is easy to remember.
The problem is that hackers know this. Weak passwords are vulnerable to dictionary attacks, whereby hackers create complete lists of possible and probable passwords and test them on gateways to your network. That trick of changing the "e" to the number "3" to create a more complicated password is also known, and it appears in their dictionaries.
What to do: Develop and enforce a strict password policy for all your users, even important executives who shouldn't be bothered. Make sure the entire company updates passwords frequently.
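As an added illustration (not part of the original article), the Python check below shows how a password policy can reject passwords that are only a dictionary word with character substitutions such as "e" to "3". The word list, the substitution table, and the 12-character minimum are assumptions made for this example.

```python
# Constructed sample word list; a real policy check would load a large
# dictionary or breached-password list instead (assumption for this example).
WORDLIST = {"password", "welcome", "letmein", "secret", "elephant", "dragon"}

# Substitutions that attackers' dictionaries already cover: typed character ->
# letters it may stand for. This table is illustrative, not exhaustive.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i"}

# Digits and symbols users commonly append to a word (years, "!", and so on).
SUFFIX_CHARS = "0123456789!?.#*"


def is_leet_variant(candidate, word):
    """True if candidate is word with zero or more characters substituted."""
    if len(candidate) != len(word):
        return False
    return all(c == w or w in LEET.get(c, "") for c, w in zip(candidate, word))


def find_dictionary_word(password, wordlist=WORDLIST):
    """Return the dictionary word hidden in the password, or None."""
    lowered = password.lower()
    # Check the password as typed and with trailing digits/symbols removed.
    for form in {lowered, lowered.rstrip(SUFFIX_CHARS)}:
        for word in wordlist:
            if is_leet_variant(form, word):
                return word
    return None


def check_password(password, min_length=12):
    """Return a list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    word = find_dictionary_word(password)
    if word:
        problems.append(f"based on the dictionary word '{word}'")
    return problems


if __name__ == "__main__":
    for pw in ["P@ssw0rd2024", "3l3phant", "vT9#qLm2xR!w"]:  # constructed samples
        print(pw, "->", check_password(pw) or "accepted")
```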
3. Forgetting to delete identities of former employees
Life is like this: conflicts exist, and sometimes employees leave the company on bad terms. If an employee is angry enough to perform a malicious action, they could access sensitive company data using their credentials if those credentials were not deleted. They don't even have to sneak in; in essence, they can walk in through the front door.
What to do: Work with your HR department to define a standard employee offboarding protocol and ensure that outdated IDs are removed from the system as soon as possible. These protocols should be applied to the departure of all employees, whether they have left on good or bad terms.
4. Irresponsible use of USB drives
USB drives are practical, cheap, common, and small, which can represent a security vulnerability in two ways.
An employee could copy sensitive company information to an unencrypted USB drive and then lose it, leaving the data available to whoever finds the device. Or a malicious person can load a virus onto a USB drive and leave it in a place where it will catch the eye of some unsuspecting employee, who takes it and tries to use it. When the drive is opened on a machine, the virus could spring into action and infect the machine or, worse, the network.
What to do: Educate your employees about the potential security risk of using USB drives. Invest in encrypted USB drives for employees who handle sensitive information and need portable devices.
5. Unencrypted notebook hard drives
With our workforce becoming increasingly remote and mobile, notebooks are commonplace in the workplace. Most employees access company files and store them over a VPN connection, but the files often end up on notebook hard drives. This represents many potential places with unprotected confidential information.
Occasionally, notebooks are lost or stolen. It is a reality. An unencrypted hard drive and the files stored there are available to anyone using the notebook.
What to do: Develop an enterprise-wide policy that regulates the security of your portable devices. A comprehensive policy should include protocols for reporting and tracking notebook losses and thefts.
Source: HP Technology

