Are These 5 Vulnerabilities Lurking In Your Organization?
#1 Over-Reliance on Internet Connectivity to Conduct Business
Just because the internet works for you today doesn’t mean it always will. At some point, most businesses face at least a partial internet outage. Consider how an internet outage would affect your business and what safeguards can be put in place to work around it. Do your users authenticate locally or via SSO such as Microsoft Azure AD? What steps can you take to provide business continuance during an unplanned outage?
#2 Vulnerability to Ransomware Attacks
As time passes and daily reports of high-profile organizations being affected by ransomware attacks decrease, the natural tendency is for end users to become complacent. It is because of this natural tendency that planning to deal with an attack of this nature is even more important. Many security exploits require only a single click by an unsuspecting end user. Consider the worst-case scenario, such as all of your live data being encrypted and unavailable for an extended period of time. What impact would the time and loss of productivity have on your organization? What safeguards have you put in place to deal with such an attack? What steps will you wish you had taken once it’s too late?
#3 Privileged Users and the 3 C’s: Coercion, Compromise and Carelessness
The majority of privileged users in an organization would not knowingly divulge confidential information or intellectual property to a third party. Historically speaking, the majority of data leaks occur without the leaker even knowing they have been compromised. Consider limiting the number of privileged users with access to sensitive data and exactly what data each privileged user has access to. Enable data access auditing to track who accesses sensitive data and what they access. Review the collected information regularly. Remember, planning without follow-through is worse than no planning at all.
#4 Information-Based Decision Making With Bad Information
Information-based decision making is a big buzz phrase and is an inherently good practice, but what if the information you are basing critical decisions on is flawed or inaccurate? Where does your information come from and how do you verify it? Does the person or department providing the information have a stake in the decisions being made? Challenge yourself to maintain objectivity and always scrutinize the accuracy of information provided to you for decision making.
#5 Organization-Wide Training Programs (Or Lack Thereof)
Does your organization provide employees with the tools required to maintain organizational security? With an ever-increasing threat landscape, one of the most effective tools at your disposal is training. Training not only teaches acceptable methods for accessing online services, but it also brings to the forefront the importance of being diligent when online. Stressing the simplicity with which most attacks occur can really bring home the importance each employee plays in overall organizational security. Finally, a corporate security policy detailing what is and what is not acceptable when online is a MUST.