Time, experience and some eye-watering headlines have helped to hammer it home: your business needs adequate Cyber Security. The business world is arguably more aware than ever of the growing online threats and yet, there remain some common security gaps that befall businesses worldwide, time and again.
Some of these gaps are often overlooked, owing to their relative infancy; others are now so well-renowned that it’s baffling to see them returning as a yearly recurring culprit. So, from the obvious to the obscure, here are 5 of your business’ most common security gaps.
Well, specifically their ports, but printers are a nonetheless perfect example of hidden cyber security gaps. More devices, including the once-basic office printer, are internet-connected and hard drive equipped, meaning they’re carrying valuable business data. Any unsecured ports on those devices can be accessed by determined data thieves.
Last year, cyber security researchers discovered that over 800,000 unsecured printers were accessible online and, in a cheeky touch, forced 28,000 of them to print cyber security advice, demonstrating the ease and scope in which unsecured devices can be compromised.
With any internet-connected device, it’s important to immediately amend the factory defaults, change generic passwords and set up any Two Factor Authentication. However innocuous the tech might seem, any open security gaps are an entry to your network.
Last year, a data breach report from Ponemon revealed that 74% of respondents that suffered a data breach did so because of all-too liberal third-party access privileges. That’s a staggering number and one that should give EU and UK businesses pause for thought, considering GDPR responsibilities which mandate strict data access control.
For all software, servers and sensitive devices, it’s important to review access privileges for everyone – be they third party or your everyday workforce. That means revising Role, Data and Context Access Controls that manage the user, data type and nature of the access request - something a dedicated Security Operations Centre can help manage and simplify.
When software providers drop official support for their applications, that means integral security updates stop too. Windows 7 is a recent example; despite support ceasing in January 2020, a least 100 million machines were still found to be using the aging OS earlier this year.
Refusing to move to that all-new app or OS could be your ultimate undoing once the security updates stop rolling in. Criminals will regularly turn their attention to unprotected apps, knowing that whatever malware they cook up next could slip through the remaining security gaps with minimal resistance.
Almost every year sees the same predictable passwords being used: ‘123456’, ‘letmein’, and of course, ‘password’. One easily guessable password among your staff is all it takes to give criminals an in.
It’s easy to see why people keep leaning on memorable passwords: the average person has between 70 and 80 to remember in 2021. Yet outside of software such as password managers, passwords are best managed on a policy level, mandating regular changes and minimum standards such as an enforced character count, unique characters and alpha-numeric passwords. That way, the weaker ones don’t stay that way for long.
But passwords are perhaps the simplest example: policies also manage your data retention and access allowances. When was the last time you managed your legacy data – and could a trove of forgotten info provide an insight to intrepid intruders?
From business insiders to criminal outsiders, few breaches - accidental or otherwise – occur without human influence.
Thankfully, it’s not all as dramatic as it sounds; most of these breaches occur through a simple lack of knowledge as opposed to malicious intent. It’s important to be aware of certain security gaps and ensure staff are trained regularly on their severity. Phishing, for example, remains one of the most common causes of a data breach, and can’t succeed without both a perpetrator and a victim – in this case, your users.
Don’t Tackle Your Security Alone
Security is a shared responsibility – so let us share it with you. Our Impact360 Security Gap Analysis enables you and your users to plug any security gaps and keep you protected – technically and tactically. Book a free Impact360 Security Gap Analysis below.