IT security challenges: the frightening new normal for enterprises.
With every headline about the latest data breach, enterprises like yours become more aware of IT security challenges. Living in an information economy means you need certain technologies to keep up with the competition. Unfortunately, that same technology renders you vulnerable to attack. Hackers are fully prepared to exploit any weakness so they can get at your customers’ valuable data.
Hackers’ methods of attack are always changing, and so are the ways to keep them out of your system. And the stakes keep rising. Back in 2014, the average cost of a data breach came in at $5.85 million. Last year it rose to $7.35 million. And yet, according to security and IT professionals, 75 percent of enterprises don’t have a cybersecurity response plan in place.
What security challenges to watch out for.
In the midst of this security arms race, what can you do to protect your organization? Perhaps the most critical step is to identify basic vulnerabilities and threats, including:
#1. Malware—it’s everywhere
Malware plays a critical role in most cyber criminals’ attacks on your network. Its job is to get inside your system, typically through an email, download, or bad link. Once there, the malware executes its secondary objective, like stealing data or granting outside access.
Malware is especially insidious because it’s tough even for IT security pros to spot and remove. Often the only clue that a machine is infected is that it runs exceptionally slowly.
To avoid malware, the best tool is a critical eye. Be suspicious of every email that comes across your screen, scrutinize any download for credibility, and avoid clicking on any unfamiliar links. You and your employees have to develop a sense for what separates legitimate online correspondence from spammy click-traps.
#2. Mobile and remote workers
Employees are working on the go more and more. According to Gallup, nearly half the workforce worked remotely at least part of the time last year.
For some employees, working remotely is a job requirement. For others, it’s a nice perk. But for IT teams, this trend tops most lists of IT security challenges. As more and more employees access confidential company data while using unfamiliar networks, the chances for malware infection increase.
Unfortunately, in the rush to accommodate BYOD (Bring Your Own Device) policies, companies run the risk of exposing their data to unsecured networks. They also risk sending that data to personal devices that might not have sufficient security measures in place.
To prevent this, some companies issue mobile devices that come pre-loaded with standardized security measures. Others employ end-to-end encryption and standardized protocols like TLS (Transport Layer Security). Whatever you do, start by educating your employees about the perils of unsecured networks and devices.
#3. Out-of-date operating systems and applications
Maintaining updated versions of your applications and operating systems is the front line of your cybersecurity defense. This should be a basic, yet high-ranking priority for IT departments in their effort to protect their data.
The challenge is that some companies put off updates for various reasons. Updates can take time, resources, and expense, and can also lead to downtime for customers. Some companies can’t update because they’re running applications built specifically for the older version of an operating system.
The issue here is that hackers exploit every advantage they have. When a vulnerability in an older version of an application or operating system is discovered, they’re quick to capitalize on it. In contrast, enterprises are often slow to respond when vulnerabilities are revealed. This provides hackers with a target-rich environment, which is why you want to stay on top of software patches and system updates.
#4. Infected emails—don’t trust, always verify
Infected emails—also called phishing scams—are one of the easiest ways for hackers to get into your systems. To be honest, we all routinely open emails without giving much thought to security. That’s what the hackers bank on, and why phishing emails are so successful.
The key to avoiding a phishing scam is to be on the lookout for certain red flags. Here are a few:
- The email is from someone you don’t know. Infected emails will usually come from a person or company you don’t recognize. This should put you on the alert. But be aware that hackers can also get into email accounts and send infected emails to that account’s contacts. These emails will come from a familiar source. However, they’ll usually consist of a link and perhaps an urgent subject line along the lines of, “Hey, check this out!” If you see an email like this, contact the person who sent it and ask about the link. That’s how many people learn that their account has been hacked.
- The email doesn’t address you by name, or uses the wrong name. If it’s simply a “Dear friend” email, or it’s addressed to someone other than you, then treat it like a threat.
- The email will sound urgent. Hackers use emergency language to put you in a fight-or-flight mode. In this state, your critical thinking shuts down, making you more liable to act impulsively and click on unfamiliar links or attachments.
- There’s more to the link than meets the eye. If you’re suspicious of a link, hover your mouse over it. If the URL that pops up is long, confusing, or includes several Xs, then don’t click on it.
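As an added example (not part of the original article), here is a small Python checker that scores one raw email against the four red flags above: a sender not on a known list, a generic or wrong greeting, urgent wording, and a link whose visible text names a different host than its real href. The keyword lists, the known-sender set and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

URGENT_WORDS = ("urgent", "immediately", "suspended", "check this out")  # constructed list; tune it
GENERIC_GREETINGS = ("dear friend", "dear customer", "dear user")        # constructed list; tune it

class LinkCollector(HTMLParser):  # collects (href, visible anchor text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        self._text.append(data)  # only the text since the last <a> is used
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(s):  # host named in the first http(s) URL found in s, or None
    m = re.search(r"https?://([^/\s]+)", s)
    return m.group(1).lower() if m else None

def phishing_red_flags(raw_message, known_senders, recipient_name):
    msg = message_from_string(raw_message)
    flags = []
    if parseaddr(msg.get("From", ""))[1].lower() not in known_senders:
        flags.append("unknown-sender")                       # red flag 1
    part = next(p for p in msg.walk() if not p.is_multipart())  # first leaf part
    body = part.get_payload(decode=True).decode(errors="replace")
    text = re.sub(r"<[^>]+>", " ", body).lower()             # visible text only
    if any(g in text[:200] for g in GENERIC_GREETINGS) or recipient_name.lower() not in text:
        flags.append("generic-or-wrong-greeting")            # red flag 2
    if any(w in msg.get("Subject", "").lower() or w in text for w in URGENT_WORDS):
        flags.append("urgent-language")                      # red flag 3
    links = LinkCollector(); links.feed(body)
    for href, anchor in links.links:                         # red flag 4: shown vs. real URL
        if host_of(href) and (len(href) > 80 or host_of(anchor) not in (None, host_of(href))):
            flags.append("deceptive-link:" + href)
    return flags

SAMPLE = """From: "IT Helpdesk" <helpdesk@example-mailer.test>
Subject: URGENT: your mailbox will be suspended
Content-Type: text/html; charset=utf-8

<p>Dear user,</p><p>Verify now: <a href="http://corp-example-login.test/reset?t=0000">https://login.corp.example/reset</a></p>
"""  # constructed lure that trips all four heuristics
```

Calling `phishing_red_flags(SAMPLE, {"bob@corp.example"}, "Alice")` returns all four flags; a plain internal note from a known colleague that greets the recipient by name and whose link text matches its href returns an empty list.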
#5. The human factor
Harsh experience has shown that the human factor is the weak link for even the strictest security measures. Hackers know this, too. That’s why many of their tactics rely on people routinely clicking on a link and unwittingly downloading malware. But this also shows that most hacks are crimes of opportunity. Limit the opportunities, and you limit the hackers’ advantage.
One solution is to remove the human factor whenever possible. This usually means limiting administrative access and employing a centralized password manager. Another option is raising awareness among your employees by implementing regular, comprehensive security training. Teach employees what to look for in phishing and other scams. Cover password security, and how it’s better to use “passphrases” as opposed to “passwords.” Emphasize that, above all, employees should think before they click.