Cybersecurity should be near the top of everyone’s mind. Companies large and small need to stay on top of security issues to protect their data, their business, and their customers from attackers.
Unfortunately, everyone makes mistakes. However, an innocent mistake can open up the business to catastrophic consequences. Learning from the mistakes of others can be vital for avoiding the same fate. So, here are some security mistakes you definitely don’t want to make:
Forgetting to Update Security on ANY One Server
Back in 2013, JPMorgan Chase, one of the biggest banks in the country, forgot to update the security protocols on a single network server. While the rest of their servers had two-factor authentication, this one server had only single-factor authentication.
Hackers managed to steal one employee’s account access credentials, and the attack was underway, quickly compromising tens of millions of customers’ account details. The breach, which was covered in detail by news outlets across the country, became a huge embarrassment for the banking giant.
Failing to Spot Important Security Alerts
Retail giant Target had some explaining to do after it was discovered that a group of hackers had uploaded advanced persistent threat malware to their network that captured the payment card details of millions of their customers over the course of several weeks.
As noted in a Bloomberg article after the breach was discovered, “On Saturday, Nov. 30, the hackers had set their traps and had just one thing to do before starting the attack: plan the data’s escape route.”
It was around this time that the breach was detected by the security firm Target had hired for their compliance. The problem was that the alert went unheeded. The weeks this missed alert bought for the hackers would prove decisive, as they allowed the hackers to finalize their escape route for the data.
Faster, more timely reactions to the initial security alert might have protected millions of payment card accounts from being stolen.
Sending Sensitive Data to the Wrong Person
Email is a great communication tool for businesses, allowing remote departments and personnel to collaborate with relative ease regardless of distance. Newer tools and apps for team collaboration help to make it even easier to share critical updates, set schedules, and send important files and links.
However, it’s also all too easy to accidentally send the wrong person information with these convenient collaboration tools. All it takes is one employee accidentally CC’ing his good friend Mark Schrader on an email with sensitive documents attached instead of the VP Mark Sheen for a potentially devastating data breach to occur.
One way to prevent this mistake is to ensure that employees don’t add non-employees to their work email lists or other networking accounts. Also, tools such as Gmail’s “Undo Send” option put a delay on sending emails so that if a mistake is spotted, the send action can be cancelled before the email goes out.
Relying On Just One Security Layer
No single security solution is EVER enough. Whether it’s a firewall, encryption, two-factor authentication, or antivirus, even the best solutions cannot stand alone against the millions of threats to business data.
Businesses that rely on a single layer of security are leaving themselves vulnerable to attack.
While no protection setup is absolute, the more layers you can put between your data and attackers, the better.
Forgetting to Background Check Employees
Security standards such as PCI’s data security standard make employee background checks a core compliance point for a reason.
That bright, eager young applicant with impeccable references and the right amount of experience could be hiding a few secrets. Although a single event in an applicant’s past shouldn’t have to haunt them forever, companies need to know who they’re dealing with.
Background checks can reveal important details about an applicant, such as past offenses and their current credit status. Knowing this information helps companies sort their applicants into high-risk and low-risk employees.
Avoiding the above security mistakes can be a challenge for any organization. However, having the right secure cloud service provider can make things easier.
A strong secure cloud partner can provide managed services that not only update security on your infrastructure, but also respond swiftly to security breaches using advanced intrusion prevention systems and many other strong security layers.
Some cloud service providers even offer firewalls that can block internal traffic from sending sensitive data to IP addresses outside the network.
While some elements of maintaining security, such as performing background checks, will always be the responsibility of the business, having a cloud partner with strong security can make maintaining security far easier.