Each day cyber criminals pour a cup of coffee and sit at their keyboards ready to attack. The attacks are digital in nature, but have long-term, and costly, effects on your business. Today's IT managers and decision makers need to be armed with tools to combat cyberwarfare. In this post we will outline the top IT security threats to your business, and how you can prevent hackers from taking control of your assets.
Security Threat #1: Poor Network Maintenance
In an earlier post we highlighted the true cost of poor network management, but what are the components of network infrastructure that IT Managers, and decision makers, should be addressing? Establishing a clean process for managing your network should be the key ingredient in preventing poor maintenance. Policies should be created for who is responsible for IT. Perhaps the network is the responsibility of an entire IT department, and rolls up to an IT Manager or CIO. Or, more commonly, the responsibility of IT could fall on a President, CEO, or CFO. If the responsible party is not familiar with IT then the business should consider a Managed Services Provider (MSP) to support the various components needed to securely manage network infrastructure.
Once the responsible party is identified it's important to conduct a technology refresh to determine if your business owns any outdated hardware. Outdated servers could be vulnerable to cyber-attacks. Outdated software is another common vulnerability. Document each piece of hardware and software your company is currently using, and determine the technologies that should be updated. Consider renewing, or adding, extended warranties to save on cost where applicable. If this process appears daunting, engage your MSP in designing the technology refresh for your business.
The final, and extremely vital component of proper network maintenance is applying application upgrades, or patches, in a timely manner. These upgrades typically exist to provide protection from newly formed ransomware and other cyber security threats. If your applications are outdated you may be creating a doorway for cyber criminals to enter your network. If your organization is rapidly growing, consider outsourcing this process to your MSP to save labor, and ensure your updates and patches occur as soon as they're released.
Security Threat #2: Phishing Attempts
No, we don't mean a band from Vermont, or a day on the river. Phishing is an act whereby attempts are made by cyber-criminals to trick individuals into sharing one's personal identity information such as an account number, password, or credit card information. Phishing attempts typically occur when a user receives a fraudulent email message that appears to be from a legitimate sender. These messages often direct the user to a spoofed website where questions are used to gather the users' personal information.
Common examples of phishing include: asking for the user to update one's account information on a spoofed site, asking for the user to "reply to this email" with a password or other identifiable information, or asking for a wire transfer of money. Legitimate businesses will never request personal information via email. As a best practice, users should hover over the senders email address to verify if the email is coming from a legitimate email domain. Additionally, links or files should never be opened by an unverified sender. As a final precaution – users should never open a file unless they're awaiting that specific file from an identified sender.
Security Threat #3: Social Engineering
Social engineering is somewhat related to phishing except the tactics used by the cyber-criminal are psychological in nature, and typically involve a physical action by the victim. Social engineering attacks prey on the personal biases and good nature of the victim. The most common social engineering attempts occur over the phone and involve the cyber-criminal asking for personal information. Other attempts involve the cyber-criminal posing as an authority such as a police officer, IT security officer, or alarm system technician. These imposters will ask for personal information in person, relying on the victims desire to be of help to the organization.
Common examples of social engineering include: posing as an auditor and requesting company usernames and passwords, posing as a security guard to gain access to a building (or a corporate computer or server room); even existing employees with criminal intentions can use social engineering to gain access to your company's network, or intellectual property. Having proper controls in place for employee access is another way to dissuade cyber criminals from social engineering.
The tactics used by cyber criminals are advancing as rapidly as technology itself. Protecting personal and business information is everyone's responsibility, and we encourage you to begin evaluating your applications and internal policies to prevent a future cyber-attack. Download our layered IT security ebook to learn how to evaluate your IT infrastructure and protocols today.