CMI Blog

The 5 Most Common Gaps in Your Business Cyber Security

 

Time, experience and some eye-watering headlines have helped to hammer it home: your business needs adequate Cyber Security. The business world is arguably more aware than ever of the growing online threats and yet, there remain some common security gaps that befall businesses worldwide, time and again.

Some of these gaps are often overlooked, owing to their relative infancy; others are now so well known that it’s baffling to see them recur year after year. So, from the obvious to the obscure, here are 5 of your business’ most common security gaps.

 

Your Printers

Well, specifically their ports, but printers are nonetheless a perfect example of hidden cyber security gaps. More devices, including the once-basic office printer, are internet-connected and hard drive equipped, meaning they’re carrying valuable business data. Any unsecured ports on those devices can be accessed by determined data thieves.

Last year, cyber security researchers discovered that over 800,000 unsecured printers were accessible online and, in a cheeky touch, forced 28,000 of them to print cyber security advice, demonstrating the ease with which, and the scale at which, unsecured devices can be compromised.

With any internet-connected device, it’s important to immediately amend the factory defaults, change generic passwords and set up any available Two Factor Authentication. However innocuous the tech might seem, any open security gap is an entry point to your network.

 


 

Your Privileges

Last year, a data breach report from Ponemon revealed that 74% of respondents who suffered a data breach did so because of all-too-liberal third-party access privileges. That’s a staggering number and one that should give EU and UK businesses pause for thought, considering GDPR responsibilities which mandate strict data access control.

For all software, servers and sensitive devices, it’s important to review access privileges for everyone – be they third party or your everyday workforce. That means revising Role, Data and Context Access Controls that manage the user, data type and nature of the access request – something a dedicated Security Operations Centre can help manage and simplify.

When software providers drop official support for their applications, that means integral security updates stop too. Windows 7 is a recent example; despite support ceasing in January 2020, at least 100 million machines were still found to be using the aging OS earlier this year.

Refusing to move to that all-new app or OS could be your ultimate undoing once the security updates stop rolling in. Criminals will regularly turn their attention to unprotected apps, knowing that whatever malware they cook up next could slip through the remaining security gaps with minimal resistance.

 

Your Policies

Almost every year sees the same predictable passwords being used: ‘123456’, ‘letmein’, and of course, ‘password’. One easily guessable password among your staff is all it takes to give criminals an in.

It’s easy to see why people keep leaning on memorable passwords: the average person has between 70 and 80 to remember in 2021. Yet outside of software such as password managers, passwords are best managed on a policy level, mandating regular changes and minimum standards such as an enforced character count, unique characters and alpha-numeric passwords. That way, the weaker ones don’t stay that way for long.
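
The policy-level checks described above, as an added example that is not part of the original post: it rejects the passwords the article names, enforces length and character rules, and flags overdue changes. The numeric thresholds, the reading of "unique characters" as non-alphanumeric characters, and all names and sample data are assumptions.

```python
from datetime import date

# Passwords the article names as yearly repeat offenders; a production
# deny-list would be much larger (assumption: sourced from breach corpora).
COMMON_PASSWORDS = {"123456", "letmein", "password"}

# Hypothetical values: the article names the controls, not the numbers.
MIN_LENGTH = 12
MAX_AGE_DAYS = 90


def policy_violations(password, last_changed, today):
    """Return the policy rules this password breaks (empty list = compliant)."""
    violations = []
    if password.lower() in COMMON_PASSWORDS:
        violations.append("common password")
    if len(password) < MIN_LENGTH:
        violations.append("too short")
    if not any(c.isalpha() for c in password) or not any(c.isdigit() for c in password):
        violations.append("not alpha-numeric")
    if not any(not c.isalnum() for c in password):
        violations.append("no special character")
    if (today - last_changed).days > MAX_AGE_DAYS:
        violations.append("overdue for change")
    return violations


def audit(candidates, today):
    """Map each non-compliant user to the rules they break."""
    report = {}
    for user, (password, last_changed) in candidates.items():
        found = policy_violations(password, last_changed, today)
        if found:
            report[user] = found
    return report


# Constructed sample data: each password as submitted at a change prompt
# (checked before hashing), paired with the date of that change.
SAMPLE = {
    "alice": ("letmein", date(2021, 1, 4)),
    "bob": ("Tr4ceable-Harbour-92", date(2021, 5, 20)),
    "carol": ("Tr4ceable-Harbour-92", date(2020, 11, 1)),
}

if __name__ == "__main__":
    for user, found in audit(SAMPLE, date(2021, 6, 1)).items():
        print(user, "->", ", ".join(found))
```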

But passwords are perhaps the simplest example: policies also manage your data retention and access allowances. When was the last time you managed your legacy data – and could a trove of forgotten info provide an insight to intrepid intruders?

 

Your People

From business insiders to criminal outsiders, few breaches – accidental or otherwise – occur without human influence.

Thankfully, it’s not all as dramatic as it sounds; most of these breaches occur through a simple lack of knowledge as opposed to malicious intent. It’s important to be aware of certain security gaps and ensure staff are trained regularly on their severity. Phishing, for example, remains one of the most common causes of a data breach, and can’t succeed without both a perpetrator and a victim – in this case, your users.

 

Don’t Tackle Your Security Alone

Security is a shared responsibility – so let us share it with you. Our Impact360 Security Gap Analysis enables you and your users to plug any security gaps and keep you protected – technically and tactically. Book a free Impact360 Security Gap Analysis below.


 

Topics: cyber security, Security and Compliance, SOC, Security Operations Centre


Written by Graham Stead

Graham joined CMI following the acquisition of his previous business in 2016, having successfully run that business for 20 years. Graham's absolute focus is on making sure that we consistently hold our clients central to everything that we do, and he is often heard repeating our mantra "we exist to make a significant positive impact on our clients business". Graham and his team work closely with our clients to educate, inform, and ultimately to provide technology that delivers that positive impact. Outside of the office, he is a huge supporter of Bone Cancer Research Trust and has raised over £130,000 for them in recent years.
