People are the most vulnerable layer of network security for most businesses. Employees at nearly all levels play important roles in protecting companies’ critical assets. That’s why responsible businesses train and test their employees, and then repeat the process with updated instructional material.
Threats change, so to be effective, training must be constantly updated too. It’s not enough to do it once: the threat vector keeps evolving, and continuing to refresh is critical. Once good human safeguards are in place, a company can put more attention on the mechanical means of protecting a network.
Protecting a company’s electronic assets can be especially challenging for small and midsized companies because they often lack the security staff and other resources larger enterprises can afford.
Viewing potential targets from the perspective of a hacker might help smaller businesses devise or improve their strategy for protecting a network from outside threats. Over time I have identified general areas cyber thieves are likely to examine in attempts to penetrate a company’s security.
Below, you’ll find five possible vulnerabilities cyber thieves commonly exploit. Businesses should keep these targets and solutions in mind while formulating or reviewing a protective strategy.
- Outdated software. Apply patches and updates promptly. The fact that software is reported as outdated is an indicator of potential problems.
- Open ports. Install a firewall if there isn’t one in place already and have it programmed to close ports that are open unnecessarily. Open ports can be pathways for intruders.
- Social engineering. This is a key area in which the need for continuous employee training comes into play. Beware of phishing, for example. Phishing is when hackers use email or some other means of communication to try to acquire sensitive information or infiltrate a network.
- Compromised credentials. Data breaches at many organizations have provided hackers access to all sorts of potentially useful information, including personal information, user names and passwords. A lot of that type of information is available on the dark web. Data breaches have increased the need for computer users to use unique and strong passwords for every account they have. In addition, they should change passwords often. Using an online password-management service can help users remember their passwords and stay organized.
- System exposure. Be careful what parts of your network are accessible to the public. The public might not need access to a company’s customer relationship management strategy, for example. Limit employees’ network access to only what they need to do their jobs.
It is important for companies to have a layered approach to providing security. Viewing security strategy as a series of rings encircling mission-critical assets might help. The rings start at the outer perimeter and include layers of network, endpoint, application and data security. Precautions should be implemented at every layer, not just sprinkled about here and there.