December 21, 2021
Business Security Threats - Avoid These Common Mistakes to Protect Critical Data


Orville Bravo, December 21, 2021

We have compiled some overlooked security issues, suggested by experts with first-hand experience, so that you can avoid these mistakes and protect your organization's critical data.

SIM Swapping

One overlooked security threat is *SIM swapping*. This is where a bad actor compromises the *phone service representative* into porting your phone number onto their SIM card. The reason this has become such a problem is that many people use their phone for SMS 2FA. So if the phone number is successfully swapped due to the compromised phone representative, the bad actor can then start to receive texts with the codes to log into your accounts.

The easiest way to avoid this is to avoid using SMS 2FA. Unfortunately, many companies only offer SMS 2FA (including my personal bank, which is highly disappointing). In that case, use a Google Voice number for the SMS 2FA. Google Voice does not have phone service representatives, which means they cannot be compromised.

Jeff, Security Officer, Critter Depot.

People Aspect

One thing we've learned when it comes to data security is that the people aspect is always going to be the hardest to control for security. There will always be someone who will take home a computer with sensitive data, write a password on a sticky note or fall for a phishing attempt. In my opinion, there are two main things that every organization can implement quickly and easily to help manage this aspect of its security. First, equip your people with password managers so that they've only got one password to manage - this will cut down on passwords that are too similar or are physically written down. Second, when working with sensitive data, formalize a check-out process for computers and data storage mediums for those that are taking them outside the building.

Alex Kus, CMO, Buddy.

Gathering Too Much Data

Some businesses gather far too much data simply because we might need it later and storage is cheap. The more data a corporation holds, the more it is subject to legal violations and security breaches. The greater the amount of data a corporation has, the more time and data professionals it will require to recover it. Massive data collection also poses a serious security risk. The greater the amount of data stored, the more likely it is to be stolen.

Robert Johansson, CEO & Tech Expert, imgkits.

Skipping Training

There’s one thing I always emphasise to my clients: training, training, training! All the software layers and mechanisms in the world won’t save your business from disaster if a staff member is fooled into paying an illegitimate invoice, handing over passwords, or installing ransomware. All too often there’s an assumption that companies can mitigate all risk by throwing money and software at cybersecurity - but awareness is crucial too.

Ben Taylor, Founder, 

Identity-First Security

The hybrid work model is getting more and more popular in today's workplaces. Companies are shifting to business digitalization and the migration to cloud applications is a vulnerable point for any company. Here comes the need for identity-first security. This trend is not new, but it takes on fresh instancy as attackers and scammers now target identity and access management capabilities. Attackers are targeting active directories and the identity infrastructure with great success. Identity verification is the key to reducing the risk. Multifactor authentication is used broadly, but it is not enough. Identity-first security must be prioritized and properly configured, maintained, and monitored with high importance.

Meggie Nelson, HR Manager, AMG Time.

Disabling Firewalls

For businesses, information security is a significant concern. Threats can come from anywhere; even obsolete fax machines can be used as malware entry points. Disabling or misconfiguring firewalls is a common mistake made when securing sensitive data. It's challenging to keep track of firewall rules. It's easier to grant access to a range of IP addresses than to access a single server. When programs are decommissioned, it's simple to forget to remove any applicable firewall rules. The firewall rules become a convoluted jumble that no one understands as time goes on. When firewall rules are added, make sure they are properly documented to avoid this problem. Conduct a yearly assessment to ensure that existing regulations are still needed and ensure that updating the firewall is part of your shutdown procedure.

Teo Vanyo, CEO, Stealth Agents.
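The firewall hygiene checks described above (broad source ranges, undocumented rules, missed yearly reviews, rules left behind after decommissioning) can be automated against a rule inventory. The following is an added example, not code from the article or the quoted expert; the inventory format, field names, thresholds, and sample rules are all constructed assumptions.

```python
import ipaddress
from datetime import date

# Constructed sample inventory (not from the page): one dict per firewall rule.
RULES = [
    {"id": "fw-001", "src": "10.20.30.40/32", "dst": "10.0.5.10", "port": 443,
     "owner": "payments-team", "reason": "API gateway to billing service",
     "last_reviewed": "2021-09-01"},
    {"id": "fw-002", "src": "10.20.0.0/16", "dst": "10.0.5.11", "port": 22,
     "owner": "", "reason": "", "last_reviewed": "2019-03-15"},
    {"id": "fw-003", "src": "192.0.2.7/32", "dst": "10.0.9.9", "port": 1433,
     "owner": "reporting", "reason": "Legacy reporting DB",
     "last_reviewed": "2021-06-01"},
]
# Hosts retired by the shutdown procedure (constructed).
DECOMMISSIONED = {"10.0.9.9"}


def audit_rules(rules, decommissioned, today, max_hosts=256, max_age_days=365):
    """Return {rule_id: [findings]} for rules that need attention."""
    findings = {}
    for rule in rules:
        issues = []
        # A range was granted where a single host would have done.
        net = ipaddress.ip_network(rule["src"], strict=False)
        if net.num_addresses > max_hosts:
            issues.append(f"broad source range {net} ({net.num_addresses} addresses)")
        # Nobody can say who needs the rule or why.
        if not rule["owner"].strip() or not rule["reason"].strip():
            issues.append("undocumented: missing owner or reason")
        # The yearly assessment was skipped.
        age = (today - date.fromisoformat(rule["last_reviewed"])).days
        if age > max_age_days:
            issues.append(f"not reviewed for {age} days")
        # The target was shut down but the rule was never removed.
        if rule["dst"] in decommissioned:
            issues.append(f"destination {rule['dst']} is decommissioned")
        if issues:
            findings[rule["id"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_rules(RULES, DECOMMISSIONED, date(2021, 12, 21))
    for rule_id, issues in report.items():
        print(rule_id, "->", "; ".join(issues))
```
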

Comment6

In reference to data security, it is anything that may or may not happen but has the potential to give unauthorized access to corrupt the unification of business data. The effect can be complex on your business as replacing your client's data, sensitive files, bank accountant payment details.

The C-level executives and boards are required to wake up and distribute more money to cybersecurity initiatives. These groups and managed service providers are well aware of many things that would improve security. Social engineering training is significant and better than nothing; you should advocate for investment in systems to help workers go without passwords as authentication, 2FA or 3FA, or U2F everywhere; it dramatically increased spending on email screening and security.

David Reid, Sales Director, VEM.

NE Guard is your go-to choice when it comes to the latest news regarding security. Our team has got you covered whether you're looking for physical or virtual safety.
Copyright © 2022 NE Guard. All Rights Reserved.