Security leaks regarding sensitive data made headlines in 2014 thanks to hackers and thieves who exploited systems at Target, Sony, Home Depot, eBay and Apple's iCloud, among others. Despite these massive data breaches, many companies have yet to mitigate security risks that could lead to such thefts.
Jennifer Lonoff Schiff, writing for CIO, indicates several ways firms can protect themselves from data leaks. Schiff interviewed dozens of IT and cybersecurity experts to find the best tips for companies to prevent security risks. Rogue, and possibly disgruntled, employees represent one of the biggest security threats, especially former staffers in the IT department. As soon as one of these employees leaves the firm, terminate access from that person's company account and disable any sensitive passwords. Then, track any unexplained activity coming from unique credentials to quickly respond to any possible hacks.
Careless workers can create huge security risks without even knowing it. Someone may leave an unlocked iPhone in a taxi or at an airport. Other employees could visit hacked websites or open suspicious emails and then a computer system falls victim to malware. Hackers frequently use keylogger programs or other malicious programs that let other users control a computer. Once a hacker has control of a computer, that person may find sensitive data and dig for other, more valuable targets within a company's intranet system. Train employees to avoid websites and emails that could harbor invasive programs, and have your workers shore up weak passwords on company accounts.
Personal handheld devices used at work create unique security risks since personal devices may not be regulated by an employer's work environment. Show each employee your "BYOD" policy, and closely monitor company-owned accounts on personal mobile devices such as smartphones, laptops and tablet computers. Even applications stored on personal devices can pose threats to a company's internal network.
Encryption became a huge buzzword after data breaches. Lack of 256-bit encryption methods, especially through third-party cloud computer storage, mark massive security risks if someone breaches the cloud program. Make sure your company has relevant encryption to safeguard your computers when data gets transferred between computers and cloud programs.
Outdated hardware, with unpatchable software, becomes huge security threats when companies announce certain programs are no longer going to be updated. Microsoft frequently announces when support and updates will no longer happen. Replace such devices as soon as possible, or use vulnerability management software, to identify possible holes in your hardware.
Third-party servers remain vulnerable when they do not use the best security practices. Always validate another computer's security certificate, authenticate credentials of each user and monitor all remote access activity from third parties to prevent headaches later.
Even with the best mitigation strategies in place, some security risks may still leave your company vulnerable. However, with a well-defined set of protocols, software and solutions, you can have a workable environment with knowledgeable employees that saves your customers from cybersecurity breaches.
Photo courtesy of Pixomar at FreeDigitalPhotos.net