If you haven’t followed technology news lately, chances are good you missed the recent security breach news about Target and Blue Cross: customers won a $10 million settlement against Target relating to the retailer’s Dec. 2013 data breach; in the meantime, nearly eleven million customers had their personal data exposed at Premera Blue Cross.
Whether you’re a small firm or a big blue-chip company, data security threats have been on the rise. But why? The problem is often related to people rather than anti-virus software and gateways. Granted, some of the major security firms throughout the U.S. offer new protocols to keep your network locked down. However, if your technicians are not updating your software, you may still suffer an intrusion.
Plan Scheduled Updates
One of the most critical steps in protecting your network is simply scheduling your software updates at least twice per month. Again, it’s the people factor that lets companies operate every day while exposing their systems to hackers. Your IT technicians should set a day at least twice per month to evaluate your current software and inquire about updates.
Amazingly, more and more companies are getting attacked through breaches of gateways that should have thwarted malicious threats.
Code Script Trojans
Too often, the systems behind your network, website and private data were developed with outdated coding languages. Information leaks often occur in the following scenarios:
• Multiple cross-site scripting is an area where hackers look to invade. For example, the .NET coding language is prone to vulnerabilities.
• Another area to consider is if you run outdated versions of ColdFusion. Once considered the premier database management software, ColdFusion has since suffered SQL invasions as more companies invest in big data systems.
Unauthorized VPN Access
Another part of your network to review is your VPN permissions. Face it. Every company has vendors and customers who sometimes have administrative credentials to access parts of their networks. The problem for some is that these types of exposures can become a threat.
Many companies leave the task of updating their access credentials to lower-level IT techs. Bad idea. Remember, your network is only protected if you’re doing regularly scheduled audits of your authorized users.
Management of Users
Do you know how many users can access your data? Chances are you don’t. The problem many companies face is the challenge of monitoring network access by unauthorized users. Remember, people are always going to attempt to infiltrate your data. How you monitor and react to intrusions is your best defense. We recommend you develop a master list of authorized users (employees, vendors and customers) and the permissions of their credentials.
It’s not enough to wonder who’s accessing what parts of your systems. Instead, smart IT security managers employ vigilant evaluations of all users.
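The master-list audit recommended above, as an added example that is not part of the original article: it compares a master list of authorized users with the accounts actually enabled and flags unlisted accounts and permissions beyond what the list grants. The CSV layout, usernames and permission names are constructed for illustration.

```python
"""Audit enabled accounts against a master list of authorized users."""
import csv
import io

# Constructed sample: the master list (who should have access, and to what).
MASTER_LIST_CSV = """username,category,permissions
alice,employee,vpn;fileshare;admin
bob,employee,vpn;fileshare
acme-support,vendor,vpn
carol,customer,portal
"""

# Constructed sample: accounts exported from the VPN or directory service.
ACTIVE_ACCOUNTS_CSV = """username,permissions
alice,vpn;fileshare;admin
bob,vpn;fileshare;admin
acme-support,vpn
old-contractor,vpn;admin
"""


def load(text):
    """Parse CSV text into {username: set of permissions}."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["username"].strip().lower(): set(filter(None, r["permissions"].split(";")))
            for r in rows}


def audit(master, active):
    """Return (finding, username, details) tuples for every mismatch."""
    findings = []
    for user, perms in sorted(active.items()):
        if user not in master:
            # Enabled account nobody has approved: review and disable.
            findings.append(("UNLISTED_ACCOUNT", user, sorted(perms)))
            continue
        extra = perms - master[user]
        if extra:
            # Approved user holding more access than the master list grants.
            findings.append(("EXCESS_PERMISSION", user, sorted(extra)))
    for user in sorted(set(master) - set(active)):
        # Listed user with no account: the master list itself may be stale.
        findings.append(("NO_ACTIVE_ACCOUNT", user, []))
    return findings


def run_audit():
    return audit(load(MASTER_LIST_CSV), load(ACTIVE_ACCOUNTS_CSV))


if __name__ == "__main__":
    for kind, user, detail in run_audit():
        print(f"{kind:18} {user:15} {', '.join(detail)}")
```

Running it on the same schedule as the audits above, with a fresh account export each time, turns the master list into a repeatable check.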
Poor Password Strength
If there’s one area you need to assess, it’s your user passwords. Too many are often chosen for memorability rather than security strength. Although it’s simple to remember ‘1234’ or variations of memorable characters, your users need to embrace alpha-numeric complexities.
Your best defense is to meet with your network security administrators to develop a core set of robust password parameters every user should adhere to. For example, a highly complex password like ‘C^d!4dj~vyQa’ is far stronger despite the effort it takes to input.
If your company uses roaming profiles so your employees can use multiple workstations, we advise you to consider mandatory password updates at least once per month to protect your networks.