Any IT Security professional worth their salt will always tell you that a solid defense is built on layers of technology, policy, compliance, and practice. So how confident are you about your cybersecurity environment? This blog about seven deadly Sins of IT Security might lead you to feeling greed, wrath, envy, sloth, even some stress eating (gluttony). Maybe not lust, either way, there is no judgment here.
So, let us get on with it. You know all the characters mentioned in this list. You have seen them, been tormented by them, and now it is time to cleanse them.
1. Mobile Negligence
That flashy little device that everyone carries around is a huge security risk. Hackers are increasingly targeting mobile devices to steal data (emails, contacts, corporate data, financial information) and send premium-rate SMSs to eat into your bandwidth. Android devices are more vulnerable to threats compared to iOS.
Solution:
A) Enforce secure passwords, block unwanted apps and enable corporate email and WiFi
B) Reduce the risk of data breaches with remote wipe and anti-theft technologies
C) Secure Android devices against mobile malware using antivirus engines
2. Mac Malice
Macs are gaining ground on Windows in corporate usage. Unfortunately, many Macbooks aren’t adequately protected against malware and data loss. Despite all its advantages, Macs can be just as easily infected as your PCs. Macs also play host to Windows malware and spread it across your network to all your Windows computers.
Solution:
A) Maintain a cross-platform protection that can be managed through a single console
B) Enforce user-based policies across devices and platforms
C) Secure your Macs against latest threats
3. Unsecured WiFi
You put an access point in your office, and you will have a WiFi Hotspot in no time. Then come along all these devices that want to connect – smartphones and tabs that belong to your employees and laptops brought in by the visitors. Do you know where those devices have been? And if your hotspot provides full access to your corporate network, that could mean access to more data than you intended. If you don’t protect your wireless network, it can open the door to threats.
Solution:
A) Install secure wireless access points
B) Enforce your standard network security policies across the wireless network
C) Block undesirable websites and unsecure mobile devices
D) Set up separate hot spots with different strategies for different groups with customizable network access
4. Unencrypted Email
Your Internet typically traverses the web in plain text format. It’s like sending a postcard in the mail. Anyone with the means—government agencies, ISPs, webmail providers, hackers, advertisers, and even your competitors can take advantage of this and steal sensitive data, facilitate identity theft, access credit card/s information, or provide more targeted advertising. We are in the middle of an email snooping epidemic, and unsecure mails have become a liability.
Solution:
A) The best practice is to combine DLP and policy-based email encryption
B) Set up a security barrier that will detect sensitive information leaving the organization by either blocking or encrypting it.
5. Faulty Firewalls
It may look like an unassuming box in the server room. Still, your firewall is your network’s first line of defense: blocking port scans, thwarting data-stealing malware, controlling your social media access, prioritizing bandwidth for corporate applications… the list goes on. If your firewall can’t keep up with threats and bandwidth demands or is too complex to use effectively, you’re not getting the full potential from your network.
Solution:
A) Get a firewall that will put all the protection you need in place and efficiently.
B) Get a firewall that has extensive built-in reporting.
6. Unencrypted Files
Major corporations such as Target, JP Morgan Chase, and The Home Depot have suffered data breaches that were devastating. Smaller companies suffer the same fate with less fanfare. No matter what the size of the breach, your reputation, and customer loyalty can be damaged beyond repair. If you are not securing company data and client information, your customers will flee even if your business escapes the wrath of regulators.
Solution:
A) Deploy easy, reliable full-disk, and file-level encryptions
B) Protect data on multiple devices and operating systems, without slowing out your users
C) Manage your native full-disk encryption in both Windows and OX X from a central console
7. Flawed Web Filtering
Web filtering used to be easy- block out all the pornography, gambling, and extremist content, and you are relatively safe. But today it is no longer enough to keep employees out of dangerous websites- 80% of all web malware is now hosted on legitimate websites that were compromised. Hackers compromise thousands of new sites every day, using sophisticated techniques to keep their malware from being detected. You can get infected with malware by browsing a hacked website that might have been safe the day before, without even knowing it.
Solution:
A) Get an appropriate and advanced web malware protection that prohibits content with URL filtering with policy enforcement
B) Scan your content using the same web malware protection in real-time before it reaches the browser
We know that task to keep a check on where sensitive data is flowing, but if you do not, the above-mentioned deadly sins are always around, ready to hurt an organization.
To know more about cybersecurity, you can download our latest whitepapers on Security.