Knowing your weaknesses – identifying the most vulnerable parts of your network?
Published On: March 10, 2020 |
Cyber security is now a top priority for any business. Reports of data breaches still crop up in the press on a regular basis, and with the penalties for failures higher than ever, the damage a security incident causes may be devastating, both financially and reputationally.
Yet no matter how closely you pay attention to improving your security, the old adage that you’re only as strong as your weakest link still holds true. However, this presents more challenges for businesses than ever, as the sheer number of links they have to deal with throughout their network has been growing hugely in recent years.
But in order to protect these devices, you first have to know what they are and where they are – and with today’s sprawling IT environments, this is easier said than done.
Therefore, if you have any of the below devices within your business – and you almost certainly do – you need to be paying particularly close attention to them to ensure they aren’t offering an easy way into your network.
Whether permitted by the business or not, personally-owned smartphones and tablets pose one of the biggest security vulnerabilities for any company, large or small. If left unsupervised, employees are likely to engage in a wide range of risky behaviours with these devices, from downloading unapproved apps that could be infected with malware to connecting to unsecured public Wi-Fi networks.
Last year, for example, researchers identified 172 infected Android apps on the Google Play Store, which had been downloaded more than 335 million times between them – and this was just one study. If you aren’t keeping close control of devices used to access business data, can you be sure your employees’ devices are clean?
Consumer mobile apps
Even if you do put in place tough policies for the devices able to connect to your network, you still need to pay close attention to the services employees use to exchange information. For example, do you know if your team is uploading files via a consumer DropBox account so they can be more easily shared with colleagues – and if so, who has access to them? Have sensitive customer accounts been casually discussed on WhatsApp?
Even if the services your employees use promise strong encryption, it’s impossible to be certain that any data shared on these platforms is safe from hackers or prying eyes.
One frequently overlooked risk is that of USB devices, which are still one of the most commonly-used ways of transporting large files. Indeed, according to encrypted drive manufacturer Apricorn, almost nine out of ten firms (87 per cent) use USB drives, but fewer than half have a policy in place for lost or stolen devices.
However, it’s not just the risk of devices containing sensitive data being lost or stolen you have to worry about. There is also the danger that an unapproved USB drive could be carrying malware that can infect an enterprise computer when inserted – and a firewall can’t protect you if someone carries an infection through the front door.
Finally, one especially fast-growing threat is that posed by Internet of Things (IoT) devices, which are frequently making their way into enterprises. However, there remain very few industry standards for security on these items, which can range from environmental sensors to smart speakers, so many of them may offer a range of vulnerabilities, from poor encryption to weak default passwords, which hackers can use as a backdoor into your network.
Find out more about the cyber security threats you’re facing in the current landscape and how to combat them in our new white paper.
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.