The biggest threat is from within
Frequently, businesses are obsessed with guarding themselves against attackers. However, they don’t usually consider the possibility of their systems being compromised by employees. Company employees are often one of the biggest cybersecurity vulnerabilities within organisations.
Attackers know this and disguise themselves as employees to gain access to company systems. But how do you tell the difference between sheep and wolves in sheep’s clothing? Deep analytics and Artificial Intelligence can help. Whenever a deviation from a user’s regular usage pattern is detected, a notification should be sent to the IT supervisor, who has the power to let the user continue accessing the files or to deny access instantly. There is no reason for someone from the accounting department to access data that is not directly related to their job function.
At another level, you could have a well-written IT policy that specifies what kind of data can be accessed by which personnel. For this, you also need to know what you need to protect.
One common mistake is granting IT personnel unbridled access to everything. This makes it easier for them but also leaves the door wide open to an organisation-wide attack if the credentials of any one of them are stolen.
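The checks described above (a written policy of who may access what, plus an alert when a user departs from their usual pattern) can be sketched as follows. This is an added example, not code from the original article: the policy table, user names and log tuples are constructed, and a simple set-based baseline stands in for the analytics the article mentions.

```python
from collections import defaultdict

# Hypothetical policy: data categories each department may access.
# Note that "it" is NOT granted everything (least privilege).
POLICY = {
    "accounting": {"ledger", "invoices"},
    "sales": {"crm", "reports"},
    "it": {"tickets", "server-config"},
}

# Constructed access records: (user, department, category, resource)
HISTORY = [
    ("alice", "accounting", "ledger", "2024-q1.xlsx"),
    ("alice", "accounting", "invoices", "inv-1001.pdf"),
    ("bob", "it", "tickets", "queue"),
]
EVENTS = [
    ("alice", "accounting", "ledger", "2024-q1.xlsx"),  # routine
    ("alice", "accounting", "ledger", "payroll.xlsx"),  # allowed, but new
    ("alice", "accounting", "crm", "customers.db"),     # outside job function
    ("bob", "it", "ledger", "2024-q1.xlsx"),            # admin outside policy
]

def build_baseline(history):
    """Map each user to the (category, resource) pairs seen in past activity."""
    baseline = defaultdict(set)
    for user, _dept, category, resource in history:
        baseline[user].add((category, resource))
    return baseline

def review(event, baseline, policy=POLICY):
    """Return (action, reason) for one event, or None if it is routine."""
    user, dept, category, resource = event
    if category not in policy.get(dept, set()):
        return ("deny", f"{dept} may not access {category}")
    if (category, resource) not in baseline.get(user, set()):
        return ("notify", f"first access to {category}/{resource}")
    return None

def triage(events, history, policy=POLICY):
    """Return (user, action, reason) for every event needing attention."""
    baseline = build_baseline(history)
    findings = ((e[0], review(e, baseline, policy)) for e in events)
    return [(user, *f) for user, f in findings if f]

if __name__ == "__main__":
    for alert in triage(EVENTS, HISTORY):
        print(alert)
```

A "notify" result corresponds to the supervisor decision the article describes; a "deny" result is a policy violation that needs no human judgement.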
It is not just bits and bytes that need to be protected. You also need to secure your hardware. Hackers are getting innovative and learning how to breach networks through seemingly innocuous devices, like printers. Because a printer is usually a shared resource between multiple departments, several people are allowed access to it. The hardware that enables this, the data cables, works both ways, allowing the printer to access connected computers. A printer cannot access data on its own, and so no one considers it a threat.
What hackers do is spoof the IP address of the printer. They can easily find this by looking at network flow patterns and seeing which IP address data is sent to but never received from. They pretend to be the printer, a trusted device, and gain access to all files on computers that are connected to the printer.
According to the 2016 Cyber Security Intelligence Index, 60% of all attacks happen from within. It needn’t always be a disgruntled employee. It could very well be someone who unintentionally left the door wide open. Conduct routine IT security awareness campaigns and exercises for all your staff, explaining why it is important to your business. Worried about the potential loss of productivity? The financial losses that you are risking are far greater.
Hackers seek to make money. Some companies rest easy thinking there is nothing that would be of value to someone outside the organisation. The point is that your data is valuable to you. Ransomware is how hackers lock up your files and ask you to pay for gaining access to your data.
In November 2016, the San Francisco Municipal Transport Agency was hit by a ransomware attack, forcing them to allow users to ride for free. There was nothing else they could do, with all their 2,000 computers being frozen and displaying black screens.
You could also be unknowingly exposing yourself to a data breach or ransomware attack if you let employees bring their own devices and connect to your network. There is no telling what is on them. In the interests of IT security, the BYOD or Bring Your Own Device work culture is not recommended. But if that is a necessity, such as your travelling sales executives requiring access to reports from their personal devices while on the go, rewrite your IT policy. Find out what exactly they need. Don’t give access to the original file, but to a copy that is stored elsewhere. This way, even if their devices should be the starting point of an attack, your assets will be safe. It is only the copies that will be compromised, and you can afford to let them go.
On that same note, you also need to back up all your data on a site that no one has access to, except one person. In case all your systems are attacked, you can be back up and running after wiping everything clean and re-installing all the necessary software. You will have your data to fall back on. This is how you can overcome an attack, by simply being prepared.
It is not enough to be secure. You need to be doubly secure, at the least. Adding multiple layers of security should help you minimise losses and get back on track sooner even if the first line of defence is breached. Take a fresh look at biometric employee logins – these considerably minimise the risk of outsiders gaining access.
Your data should always be encrypted. This involves a cost, and encrypted data also moves slower through the network, plus additional time is taken for decryption. However, it is better to be safe than sorry.
What you could do for the moment is what has been advised time and again: have a good firewall in place, make sure that your anti-virus definitions are up to date, and run periodic scans on all systems.
Your website is the most overlooked point of entry for hackers intending to unleash attacks on your systems.
When it comes to IT security, it is always the small things that matter.