2013 was a record year for data theft and security issues, with over 740 million stolen records exposed (those are the ones we know about at least.) I was talking today to a Certified Ethical Hacker on staff here at JMARK. I walked into the discussion just wanting to get some background information and key points, I left with fear and loathing that maybe I needed to increase my own security protocols. The most profound words I heard, were, “If someone really wants to hack into a company, there is very little that can stop them.”
We talked about the biggest security weaknesses that exist in most networks from banks to doctors’ offices, to coffee shops. Here are the biggest take a ways that you need to consider when determining if your company’s network and data is secure.
- The Lazy Man (or Woman) – One of the biggest problems in networks is where people just set things up in their default state. Whether it be a network printer, multi-function device, switch, even access points and routers. Then there is software configurations, online software applications, and portals, etc… Instead of taking the time to do it right, things might be done the “easy way” to get it working quickly. It only takes one device or application, to open the door for a hacker to compromise an entire system.
- Social Engineering – Social engineering has been around for a long time. The idea is that you get someone in the organization to let the hacker in through some “door.” This is easily done by calling someone at the company they want to hack, then convincing them that you are the I.T. Department or the I.T. Support company. Do that and the hacker can easily get information from them that gives the hacker a way in. There are a ton of other ways this can be done, but rest assured that it is happening all the time. We receive a decent number of calls or requests from people claiming to be from a client, when they are really not. Your own people and processes are one of your biggest weaknesses.
- Ignorance – It is not your job to know the difference between a Man-in-the-Middle attack and a Denial-of-Service Attack, it’s our job. On that same note though, it is your job as a business owner or executive to mitigate risks. Did you know that an attack could occur if a printer is configured wrong? Do you know that an employee can often setup a rogue access point to bypass wireless security? Did you know that your website could be a source of information that could allow a hacker in your network? Do you know if your employees are educated enough to know the difference between the I.T. guy and some guy that looks and sounds like the I.T. Consulting guy? Do you know if your USB ports are locked down to prevent people from connecting to them or your employees from downloading data?
Security can be scary. The companies that were the ones that lost some of those 740 million records, had really skilled people, and really sophisticated systems, but they did not do enough. Don’t risk your company’s reputation and your clients trust by failing to properly secure your network and data. Call JMARK today, and we’ll help to provide some piece of mind, by properly implementing security protocols, techniques, equipment, and policies to ensure you’re your data and network is safe and secure.
