5 Mistakes that Put Company Data at Risk

In the world of business, as Vince Lombardi astutely observed about the game of football, “The best defense is a good offense.” When it comes to defending the sensitive data within your network, going on the offensive is a surefire way to tackle the “unknown”.  No matter how big or small, all company networks are at risk of cyber attacks.

While still a relatively new technology, BYOD has been rising in popularity – and for good reason. The goal behind BYOD is to provide employees the freedom to use their own device at work and in most cases, to use their own apps or services.

When employees use a personal device at work, any compromise of the device could result in a data breach. As a result, many companies are just now getting around to implementing BYOD policies.

While this growing trend gives employees the ability to work remotely, saves on costs and improves work efficiency, it also brings a range of security risks and challenges in terms of securing data, corporate networks and mobile device management.

The solution? Businesses and organizations need to move beyond traditional security practices and look into technology that can help them establish BYOD policies, control access and prevent data loss.

#2) Using the Same Passwords

More data breaches are a result of insufficient passwords than any other method. This is particularly true on the admin side, where the administrator may have access to all company records.

The days of creating “easy to remember”, passwords should be over. But in reality, it’s human nature to take shortcuts. And when it comes to passwords, “the easy way” can seriously put a company at risk.

If employees have not been educated on password security, the company is at risk of a data breach. All companies, both large and small should have guidelines and standard operating procedures around the use and reuse of passwords.

Password Security 101

• Did you know…in just 10 minutes, a hacker can crack a 6-character password using only lowercase letters?

• Did you know…if you increase that password by just two letters and a few uppercase letters randomly incorporated throughout the password, it would take a hacker three YEARS to crack the code?

• Did you know…you can create a password that would take more than 44,500 years to crack by simply making your password 11 characters long and including both symbols and letters?

• TIP: How secure is my password? Get a general idea on how secure your password might be with Roboform’s password security tester. (To be on the safe side, the site referenced above analyzes passwords based on the combination of letters, numbers and symbols, etc. You do NOT need to enter your specific password. For example, if your password is ABc45*, enter CDz64# and this website will give you an idea of how safe that combination is.)

• Encourage use of password managers such as Last Pass, Roboform or Keepass to generate random passwords and keep track of them for each new account – so employees don’t have to.

• For critical resources, passwords should be changed every 90-180 days, enforcing the rules of complexity referenced above for all new passwords generated by the user.

#3) Failure to Plan for the Unexpected

We’ve discussed the importance of disaster recovery for businesses at length on our website. By going through a proper disaster recovery exercise, you can be certain:

• The RIGHT data is backed up.
• You know how to USE that data in the event of a disaster.

Many people make the mistake of assuming data backup, disaster recovery and  business continuity are one in the same, but they are in fact very different.

#4) Thinking Your Business Size Makes You Immune

“We’re a small business. We’re not likely a target for hackers.”  Do you believe this common misconception? Don’t think a data breach won’t happen to you.  Some companies, SMBs in particular, believe they are immune to IP theft or cybercrime because they feel only larger organizations like Sony will be targeted.

But according to Symantec, 31% of targeted attacks focus on businesses with fewer than 250 employees. Familiarize yourself with the fundamentals of cyber security as a first step toward strengthening your network.

#5) A “Set It and Forget It” Mentality

IT hardware and software requires routine maintenance and adjustments. Think of your IT infrastructure as you would your car. If you don’t put oil in your car, the engine won’t operate as it should.

Both software and hardware need ongoing care to ensure peak performance. With software in particular, it is important to install security patches whenever they are available. If support for a system ends, like the Windows XP operating system, security holes may exist and this is exactly what hackers will target.

Once a security hole is found, (often within the hours immediately following the release of a patch) it is exploited very quickly, so be sure to install security patches as soon as possible. Unpatched computers pose a huge risk to the company network by providing an open window for hackers and virus writers to exploit.

• The Best Defense Against Ransomware and Spoofing
• Phishing Attack Prevention
• Security Awareness Training
• Cyber Security Checklist
• How to Budget for Cyber Security
• Warning Signs Your Network is Not Secure
• 7 Password Do’s and Don’ts
• The Risk of Browser Saved Passwords
• Security Misconceptions
• Cyber Liability