Information security is a critical challenge for businesses. Threats come from everywhere; even old fax machines can become entry points for malware. It’s easy to make mistakes when configuring or managing systems and accidentally make yourself vulnerable to attack. Take a few minutes to double-check that you’re not making these common errors.
1. Failing to keep up to date with patches
This is a major mistake with major implications for data security. Applying patches isn’t like locking the barn door after the horses are gone; it’s putting a better lock on the barn door. Without patches, you remain vulnerable to known vulnerabilities. Patches ensure you’re protected against them. Although patching systems and tracking that patches were applied to all systems can be time consuming, it’s important to create a patch routine that keeps your systems current.
2. Disabling or misconfiguring firewalls
Firewall rules are a pain to keep straight. It’s easier to enable access to a range of IP addresses than to a specific server. When applications are retired, it’s easy to forget to cancel the firewall rules that are relevant. As time goes on, the firewall rules become a complex mess that no one really understands. Avoid this problem by adequately documenting firewall rules when they’re added. Perform an annual review to validate that existing rules are still needed, and make sure updating the firewall is part of your process when shutting down an application.
3. Not using network segmentation
If an intruder does manage to make it through your firewall, network segmentation will limit how far they’re able to go, how much data they’re able to access, and how much damage they’re able to do. Like firewalls, managing network segments can become complicated.
4. Using default settings
Default configuration settings may not be optimized for security. When you use enable default administrator accounts and leave them on their default password, you’re leaving the door wide open for anyone to walk in.
5. Failing to control privileged accounts
Unfortunately, misuse of privileges by employees is a common cause of data breaches. Admins should be given individual accounts with the appropriate level of privileges, rather than sharing a common admin account. In addition, privileges should be granted based on roles rather than allocated to users individually, and there should be a periodic review to make sure users have only the privileges appropriate for their job function.
6. Not controlling mobile access
It’s great that employees are able to work from anywhere using their own devices, but this can expose your data to a wide variety of risks, from shoulder surfers to lost devices to malware installed over public WiFi. Make sure you define a “bring your own device” policy so users know about their responsibility to protect corporate data on their devices, and consider using mobile device management or other tools to enforce controls over mobile access to corporate resources.
7. Not inspecting outgoing traffic
Keeping data secure isn’t just about blocking hackers from entering your network; it’s about making sure confidential data doesn’t exit your network. This can be the result either of a breach or of employees using unapproved cloud services or even email to share files. Consider using data loss prevention software that can identify when sensitive data is being sent outside of your environment.
Keeping data safe requires being proactive. If you’re making any of the above mistakes, take action to close the security holes. CCS Technology Group develops comprehensive information security strategies that help you put effective data protection controls into place. Contact us to learn more about avoiding mistakes that threaten your data security.