In almost every case, the ultimate goal of a cyberattack is to steal and exploit sensitive data, whether a hacker is after customers’ credit card information or an individual’s credentials to misuse that person’s identity online.
Attacks vary in how targeted they are, depending on the reasons and motives behind them. For instance, a cybercriminal could launch an indiscriminate attack to gather as much information as possible from many people, while an employee holding work-related grievances could aim to ruin his employer through an inside job.
Hackers don’t appear only on the big screen; they use common tactics to access information by breaching data online. While information security measures such as IT audits can possibly prevent a security breach, a business will do well to educate itself about the most common ways data is breached, especially those that require legwork and don’t happen online.
External Vulnerabilities in the Real World
The most fundamental information security risks present in everyday business sometimes fall outside the top concerns of business heads. These security holes should remain a priority, considering that hackers’ techniques keep evolving.
As mentioned earlier, these attacks don’t just happen online. Here’s a list of potential external vulnerabilities your business may have.
1. Inside Jobs
Security breaches can come at the hands of the most trusted employees: someone inside the organization with administrative privileges deliberately misuses his credentials to gain access to confidential company information.
In other cases, former employees present a threat, especially if they leave the company on bad terms. A business should, therefore, have a protocol in place to revoke ex-employees’ access to company data upon their termination.
2. Taking Home Company Information
Most companies neglect the fact that employees take their work home and so carry sensitive information with them. This poses a threat to a company, as it can expose data to friends, relatives, and even their own family.
Even an employee’s child can gain access to sensitive information in mere moments alone with a company computer.
3. Misplacement and Loss of Data Storage Devices
Assuming that employees act in the best interest of the company and protect company data can only do so much. There is no accounting for crime, disaster, accidental loss, or unintentional mistakes.
Hackers can break into cars to take the laptops inside and can likewise take advantage of USB thumb drives. Devices left unattended can yield information.
Be responsible and don’t wait until a disaster recovery effort is needed; company data is best left within company facilities.
4. Access to Controlled Badge
Even companies that are smart enough to secure their buildings have a tendency to let their guard down. A guarded access point becomes accessible when a company no longer monitors who uses an access badge to gain entry.
Loss of these badges needs to be kept to a bare minimum, and employees need to report these losses swiftly to ensure not only information security but physical security of the company assets as well.
5. Unpoliced Screens and Weak Passwords
Despite training on data security, employees tend to become complacent. Businesses must ensure that employees are on their toes and remain vigilant in keeping company data protected.
Locking their screens when away from their desks and using strong passwords that are changed every 90 days must be second nature to them.
6. Wrong Disposal of Information
Not many companies realize that most employees do not observe the paper-shredding policy. Companies should strictly implement this rule to ensure that no paper is ever disposed of without being shredded. This guarantees that no sensitive information can ever be recovered from the trash bins or disposal facilities.
Ready to protect your data? Keeping these vulnerabilities in mind and implementing strict policies in information security will keep the company as safe as possible.
Vladimir de Ramos has been in the IT industry for more than 22 years, with a focus on IT Management, Infrastructure Design and IT Security.
Outside the field, he is a professional business and life coach, a teacher and a change manager.
He is also a certified information security professional, certified ethical hacker & forensics investigator and a certified information systems auditor.