6 Steps to Prevent Hackers From Attacking Your Systems’ Biggest Vulnerability
The weakest link in most security systems is the user. Use these tips to make sure hackers don’t use them against you.
Given the value of personal information, financial account credentials, intellectual property, business plans and other types of sensitive data that most organizations handle, any breach leading to loss or exposure could have devastating financial and reputational consequences. Protecting these vital assets must be a critical part of any company’s overall business risk planning. The challenge for many organizations is how best to accomplish the task.
Valuable data assets like databases and servers are typically stored in locked, access-controlled rooms deep within protected data centers. But in a networked world, locking up a data center, guarding the building, erecting a fence with barbed wire, even digging a moat simply can’t protect this information because of one simple truth: that data is accessible across the network, and every network has vulnerabilities.
Redefining the Perimeter
The notion of what constitutes a security perimeter has been evolving for some time. IT and security management can no longer count on the well-defined perimeters of their office network and its connections to the outside world to protect their organizations from external attacks. For starters, the way in which data and access rights are distributed across users in today’s highly mobile, dispersed work environments erases the traditional definition of a perimeter. Instead, the idea of a definable security perimeter has been replaced with a new concept: the user, whether they happen to be in the office, at home, or in a café, is now the perimeter.
Virtually every firm depends on data and is increasing both its use of networked systems and the mobility of these systems. Similarly, criminals are in a constant race against their targets to capitalize on the value of data. These business-minded attackers often focus on the weakest link in many security systems: the end user. Every end user is a potential “back door” into the business network, whether by falling for a phishing email, leaving a smartphone in a taxi, or failing to secure a home Wi-Fi network. Unfortunately, in many cases, the back door is open: if the user can access data from a particular location, then an attacker can access that data through the user.
More Effective Information Protection
If end users are in essence the security perimeter for every organization’s information assets, what actions can firms take to help physical security and IT departments strengthen that perimeter? And how can they do so without unduly restricting access to the information the distributed workforce needs to do its work effectively?
Outdated, unpatched or poorly configured systems remain one of the largest ongoing risks for many firms, leaving users — and by extension the organization — highly susceptible to breaches.
In many breaches, patches for known security vulnerabilities had been available for months or even years, but the organization had no process in place to ensure they were applied and the configuration hardened, unnecessarily leaving users’ systems unprotected. This all-too-common “install it and forget it” mindset creates an unlocked, open back door that essentially invites unauthorized entry. Hackers are well aware of these vulnerabilities and are more than happy to exploit them.
Therefore, the single best step organizations can take to harden their perimeter and protect networks and data is to ensure that every end-user system is included in the configuration and patch management process, with all software updates applied regularly and consistently. The good news is that there are six steps organizations can take to improve this process, each of which will significantly decrease risk and exposure from client-based vulnerabilities.