With regards to last year’s WannaCry ransom-ware attack that was suffered by European businesses and hospitals, cybersecurity is still very much an important topic for discussion even in the mainstream press. It should be more important than ever that companies improve their network security after events like that outbreak.
Every day there are security risks to a system and although most of them are not nearly as wide spread or dangerous as the WannaCry attack, it is a very real and constant struggle facing off against these attacks. Interestingly though, huge corporations and even smaller ones too, who had seemingly good security in place still suffered because of threats.
How then can your company make sure it avoids its systems being breached by hackers and viruses? Wr recently had a chat with Digital ID who are the UK’s largest ID card company. One of the key areas they will be addressing this year in terms of security will be to review the most common mistakes companies make when it comes to cybersecurity, who has access to their data and what would happen if their systems were to be compromised, and with this in mind we highlighted a few things you can also do below that will help keep your business secure.
Complacency is perhaps the biggest cyber security threat facing many companies. Cyber criminals are diligent and patient and spend a long time prodding and poking at defence systems until they can find a weakness. As technology in general continues to evolve, so too does their abilities.
It could be seen this way – that the network security for a company is only as strong as the weakest link it has. When security is complacent, a company is open to threats from the diligent hackers that constantly outdo themselves. You may be pleased that a security breach has yet to happen to your company, but that doesn’t mean it won’t in the future. Therefore, it is vital that you are knowledgeable about the latest developments in security measures and take a preventative approach to cyber security.
Failure to Utilise Security Features With All Connecting Devices
With the fact that more and more devices are now able to connect to the net and the establishment and development of the IoT, a seasoned cyber crime expert can find appropriate back doors to access a network. Without sufficient security measures in place such as using security cards to reduce access to networks and hardware. Each and every access point to the internet could be a liability for a company. Whether it is something like a Wi-Fi-enabled fridge or a POS location, anything and everything that can get online should be included in the cyber security systems a company uses.
If it isn’t, a business could make a name for itself being the one company in the world that lost secure customer and staff data because the washing machine on site did not use a secure enough internet connection.
Neglecting To Update Networks
There are two basic forms of updates for security – the updates issued by the manufacturers of hardware and software and the ones internally created. It is vital to update a network, but this is not often done as quickly as it should.
If a company has an undermanned and underfunded cyber security and IT department, it may not have the necessary time to install updates and patches as soon as they are available. This is a problem, mainly because companies tend to release updates as soon as security flaws have been identified.
When a company has located a security flaw, it means a cyber criminal will soon, or may have already, identified the problem. Often hackers work backwards to identify where exactly patches have been installed and just how they improve security measures for a piece of software or hardware, operating system or even network.
One a cyber criminal knows exactly what is corrected, they can develop a way to worm into the network that has not installed the update yet. Installation should therefore happen as soon as possible, whether it is Adobe’s latest patch for Creative Suite or an operating system update from Microsoft.
Other security issues related to updates are connected to programming that has been specifically conceived and written by cyber security or IT departments of companies. It is not enough to just write and use these with a network – they need to be scanned and tested regularly for weak points. When a weak point has been detected, an update should be put together as soon as possible. Although these weak points are more difficult for hackers to spot as they are not looking specifically for these issues, compared to with mass software updates where they can spot the precise issue that has been dealt with it is still important to update the network to reduce the threats.
Relying Solely On Anti-Virus Software
Although it might be okay for home users to rely mainly on anti-virus programs, a company taking this approach to cyber security is more susceptible to attacks. The vast majority of anti-virus software suites are only designed to detect malware that is attacking. As only 40% of attacks to computer systems is thought to come in the form of malware, this is obviously a problem.
No-one is saying you shouldn’t make use of anti-virus software. It should definitely be part of a company’s defence, but it should just be a portion and not the whole thing.
Data in a network is similar to blood flowing through our bodies. The data is important to the survival of a company. Understanding where it comes from, where it is going and what it does on its journey is crucial to the security of a company’s network. Data mapping is used to identify each and every file kept on a network, everyone that has viewed it and its interactions with other files stored on the network. All this and every other detail about it.
Mapping data flow helps to identify patterns in the data. It is possible that comprehensive data mapping could have prevented the WannaCry ransom-ware attack. That particular strain of malware was designed to make communication with the original host at different intervals, which made it hard to detect. Data mapping could have identified that random files having communication with external hosts was a red flag. Which could have enabled cyber security teams to further investigate matters.
Valuable insight can be gained from beta testing. Whether it is simply a new game or an operating system, this testing puts the software or hardware through the strains of being used on a daily basis. It can help to detect potential problems, giving design teams the chance to correct the issues before the software or hardware is released en mass. Security testing is carried out in a very similar way. Before the release of a new or updated security feature or program, it should be tested thoroughly. Remember, cyber criminals are diligent and patient and will prod and poke at something until they find a weakness.