Avoiding these mistakes might save your data….or your job!
As the pandemic is forcing more and more companies to do business in an online fashion, more office workers are bombarded with attacks every day. Even from home environment, the business platforms are more of a target. Companies should not have the false assumption, “oh, my company is safe, we don’t do any business online…” DENIAL!
Don’t think because you are not conducting eCommerce over the internet, that you are not a target!
Below are a few suggestions to help avoid being a successful target:
If you send or receive emails, you get SPAM. Everyone gets spam – and most of it is not dangerous. However, some emails containing links can get you in big trouble by clicking on the link. Sometimes even if the email comes from someone you KNOW (friend, colleague or boss), the email might have strange characteristics like a misspelled word here and there. You can also catch a suspicious return email address by hovering your mouse over the address. If it is an external address you don’t recognize – DON’T click on IT!
Companies need to do a better job of educating the general workforce to avoid this kind of email burglary!
This is the use of IT Infrastructure that has reached or surpassed its obsolescence and life cycle. Specifically, companies that are doing these items are inviting bad actors to infiltrate and breach their IT platforms!
- Failure to keep hardware updated (life cycle, typically >7 yrs of usage for servers, storage and networks)
- Not patching the hardware firmware
- Not patching Operating Systems
- Not having hardware (especially critical hardware) on maintenance or support
Enforcement of Password
This is the piece of using technology everyone hates to do! Making end users CHANGE their passwords on a periodic basis is another critical piece of protecting the company pie. Not having strong passwords (>6 characters with numbers and special characters) is a typical problem in MANY companies. We will jump for joy on the day passwords and login IDs go away in favor of biometric, facial or optical recognition to access any systems! But, until that time, along with Login IDs and passwords, multi-factor authentication (or 2-Factor authentication) should be deployed.
Identity and Access Management
Everyone wants to have FULL, unfettered access to any systems they access. There was a time when some companies took the position of; everything is viewable – unless it shouldn’t be. In today’s environment, everything is LOCKED, and you better have a good reason to need access to it. Many companies have excessive access rights and don’t even KNOW or realize access is wide open. Think of your access management tool, like Active Directory (in Microsoft environments), how many global and local Administrators have access to every server? When is the last time you ever saw a report that showed who has the “GOD-Like” access to all platforms? Wow – better ask internal audit!
Network Connectivity internal and between locations
If you are not using a virtual private network (VPN) or have direct point-to-point connectivity between locations (not going over the internet) – You might want to rethink your network topology. Even within your physical locations, like corporate HQ or large campus sites, what if someone unknown walked into a conference room and plugged a cable into your network and then into their laptop to upload a virus? Would they get very far?