Frequent but avoidable mistakes too many organizations make
If you or your business haven’t been the victim of a cyber attack, count your blessings, but don’t think you can maintain your immunity forever. Cyber attacks are on the rise because perpetrators have the edge and are highly motivated. Individuals and organized hackers take advantage of the lax security measures too many people and companies employ, leaving millions of dollars and personal information ripe for the picking.
Organizations commonly make certain mistakes. For each one, we offer a suggestion to reduce the risk of an attack.
- Tighten your current security system. Your system and all the software your organization uses come with guidelines for maximizing security controls, and you should follow them. Some are as simple as turning off unnecessary services or using the lowest-privilege settings.
- Use patches. All it takes is a tiny hole in your system for hackers to poke their way in. It’s critical to run regular scans of your security system and all software to keep them updated with patches.
- Protect outbound data. Just as you protect your system from incoming malware and bots with a firewall, you need to make sure certain data never leaves your system. It’s important to focus on egress filtering, to prevent rogue employees or employees making honest mistakes from releasing sensitive data or malicious software from your network.
- Raise awareness. It’s important for everyone in the organization to be savvy and alert about security issues. This means watching for phishing scams sent through email and messaging apps that appear bona fide but are actually attempts to retrieve credentials or sensitive data or release malware into the system.
- Be smart about passwords. Most organizations have password policies that address reuse and strength of user passwords. But one area that is often overlooked is that the local administrator password on PCs is the same as the password used on servers. It wouldn’t take a hacker long to infiltrate the entire system and create internal and external havoc with that information.
- Don’t ignore physical security. Just as you wouldn’t leave your car keys in the ignition of your car for thieves, you shouldn’t leave ID badges, credit cards, personnel and financial files, and cell phones/tablets lying around. Staff should be trained to keep these items on their person or locked away when not in use.
- Encrypt data. All PCs and personal information stored in databases and on servers should be encrypted. This is the best way to protect against hackers gaining access to sensitive data.
- Purchase a Cyber Insurance policy. If you do experience a cyber breach, a solid Cyber insurance policy will cover your losses and costs to repair the damage.
Taking stock and knowing your company’s vulnerabilities is the first step toward cyber security. Planning ahead for a guaranteed attempt by hackers to infiltrate your system is the best way to thwart them.
Source: Asher de Metz, “7 Common Security Mistakes.” Disaster Recovery. Vol. 27, No. 4, Fall 2014.