Did you know that a billion data records are breached in the US every year, taking the losses up to an average of $15 million per incident, a figure that is unprecedented and still growing? Sure, cybercriminals increasingly see cybercrime as a lucrative career option, but that alone doesn’t account for the colossal disruption of cybersecurity.
Most breaches are a result of negligence and, in some cases, sheer ignorance. That said, there’s no single solution that solves a business's IT risk management problem. Organizations should be aware that some things have to change for good. Here we list the practices that can’t be good for your enterprise security.
Still using old printers?
Printers are essential devices for running your organization's operations smoothly. But have you ever thought that they could be a potential threat vector? This is especially so when your printers are old and unsecured. Typically, your printers are connected to the organizational network and are used to produce hard copies of your office documents. Printers store those documents in their small memory for printing and are not protected by IT security solutions, so a hacker who accesses that memory could put your business at risk.
Also, when was the last time you considered replacing your dated printers with advanced, secured ones? Obsolete devices have vulnerable protocols that cybercriminals easily exploit to steal data. Replace your old printers with more secure ones and, until then, isolate them on a separate network with limited access to achieve effective business risk management.
Have you overlooked the alerts?
A recent study made it crystal clear that only 1 out of 100 security alerts turns out to be an actual threat. This large disparity between actual threats and warnings leads users to take no serious note of those alerts. To prove the point, the study report said that about 31% of the respondents admitted that they ignore security alerts altogether because they believe them to be false warnings. Thus, too many incoming security alerts take the seriousness away.
Businesses should implement tools that are sophisticated at filtering out false alerts. Also, prioritizing the severity of alerts as “high”, “medium”, and “low” will let users know the gravity of each alert.
Do you give admin rights to every Tom, Dick, and Harry?
The process of requesting access, evaluation, and approval may sound tedious and bureaucratic, but it is needed to keep your security loopholes plugged. Often, in a bid to improve the ease of operations, organizations draft and implement security policies that enable system admins to give out admin rights to every random user. Any administrator right that is granted should go through careful risk analysis.
Are you prepared for device loss?
People who are always on the move are more susceptible to device theft. And today, the line between personal and business life is too thin to distinguish. Losing your phone or laptop in a hotel, taxi, or airport could put your data at high risk. Any such incident can be easily mitigated if you’re prepared for it. All you have to do is remotely encrypt your data so it isn’t useful to the people who lay their hands on it. That works, however, only if you’ve thought about it and prepared for it.
As cyber threats evolve gradually, the tried and tested practices may not work in the future. Thus, it’s a constant effort to revive your security policies as time passes and technology grows.