The 7 Deadly Security Sins - Could You be Committing These All-Too-Common Mistakes?
Here at Kelser we've seen the same security errors being committed time and time again. To help keep companies from making the same mistakes, we put together a list of not only the worst security sins - but also some of the most surprising (and least thought of).
7 Deadly Security Sins
- USB Drives
- Wi-Fi Access Points
- Failure to Update User Roles
- Mobile-Device Permissions
- Printers
- Passed-Around Logins
- Website Login Encryption
1. USB Drives
Most people wouldn't give plugging in a tiny USB drive a second thought, which is why these drives can be such a network security nightmare. The security risk wouldn't be as great if machines didn't automatically execute programs stored on these plug-and-play devices, but with automatic execution the security risks are tangible. The fairly simple solution to this problem is to change your machine's Autorun policies.
2. Wi-Fi Access Points
Wi-Fi. We all connect to it every day, but the average worker has no idea of the dangers it can bring. Even worse, many IT departments don't properly address the safety concerns. If you haven't properly secured your Wi-Fi access points, you're not alone - even the biggest companies can have a lapse in Wi-Fi judgement. For example, T.J. Maxx's parent company was hacked via their own Wi-Fi access points - an intrusion that has cost them over $500M.
3. Failure to Update User Roles
Companies add employees, lose employees, and move them around within their organization’s hierarchy, and their user roles need to be updated accordingly. Failing to remove departed users from the system, or leaving users with incorrect permissions, can wreak serious havoc on network security and can leave you vulnerable to data intrusion attacks.
4. Mobile-Device Permissions
Mobile devices are a security threat, but they are a 'necessary evil'. One mistake we see all too commonly is granting full permissions to each mobile user. While some users will need full network access, the majority of them won't and can safely and easily be restricted to lower-level workflows that offer a stronger security profile.
5. Printers
Printers are no longer simple inkjets that perform basic printing functions. They are now living, breathing devices that are connected to your network. Today's printers are Wi-Fi-enabled, connect to mobile devices, and are fully connected to your internal network. This security profile makes them extremely risky, and often surprisingly so.
Since many of your sensitive documents pass through your printer(s), they can be a data-intrusion bonanza for would-be hackers.
The reason printers can be a weak spot for data intrusion is that these digital workhorses often save digital copies on their internal storage. And since they're Wi-Fi-enabled, all one needs is access via Wi-Fi to steal your sensitive documents. Hackers can also snoop on your network and capture all the documents sent to the printer, install malware, and even send faxes to stored client numbers directly from your machine. While this all sounds rather like a digital James Bond movie, corporate espionage is real and it's becoming more of an issue every year.
6. Passed-Around Logins
The point of making role-based permissions is to only provide in-depth network access to those who absolutely need it. But login sharing is often used by employees to share workloads and circumvent the system. This problem is compounded by permissions that aren't updated as people change positions in the company and move on to other companies.
This problem can also be hard to police, as many employees don't fess up to sharing their credentials. However, it is possible to police credential sharing. A good first step is to make your users aware of the security dangers of login sharing. If that alone doesn't work, you may have to monitor which devices logins are being used on.
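One way to carry out the device monitoring described above, shown as an added example that is not Kelser's own code. The log format, the device inventory and the 30-minute window are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: "timestamp user device" per successful login.
SAMPLE_LOG = """\
2024-03-04T08:58:11 alice LAPTOP-ALICE
2024-03-04T09:02:40 bob DESKTOP-BOB
2024-03-04T09:15:03 alice DESKTOP-BOB
2024-03-04T13:30:00 carol LAPTOP-CAROL
2024-03-05T08:45:00 carol PHONE-CAROL
2024-03-05T16:20:00 alice LAPTOP-ALICE
"""

# Hypothetical asset inventory: device -> user it is assigned to.
DEVICE_OWNER = {
    "LAPTOP-ALICE": "alice", "DESKTOP-BOB": "bob",
    "LAPTOP-CAROL": "carol", "PHONE-CAROL": "carol",
}

def parse(log):
    """Yield (datetime, user, device) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_sharing(log, owners, window=timedelta(minutes=30)):
    """Return sorted (user, device, reason) findings that suggest a shared login."""
    findings = set()
    last_seen = defaultdict(dict)  # user -> {device: time of last login}
    for ts, user, device in sorted(parse(log)):
        owner = owners.get(device)
        if owner is None:
            findings.add((user, device, "unknown-device"))
        elif owner != user:
            findings.add((user, device, "device-assigned-to-" + owner))
        # Same account appearing on a second device within the window.
        for other, seen in last_seen[user].items():
            if other != device and ts - seen <= window:
                findings.add((user, device, "concurrent-with-" + other))
        last_seen[user][device] = ts
    return sorted(findings)
```

A user who moves between their own laptop and phone on different days (carol in the sample) produces no finding; only the account that shows up on a colleague's machine minutes after its own is reported.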
7. Website Login Encryption
Many companies have employee and/or client logins on their website but not enough of them use encryption. By using session encryption you can vastly decrease your chances of falling victim to network security intrusions on your website, which may house some of your most sensitive information (about employees and clients).
The above are just a few of the major network security sins that we see on a regular basis. The good news is that many of these have executable solutions that can patch these security loopholes - it's just a matter of knowing that they're there.
If while reading this you were shaking your head thinking, 'I didn't even think of that' then your network security likely isn't as strong as you may have thought. But never fear, we can help. We've helped companies of all sizes make the transition into security powerhouses.