Avoiding Basic IT Security Mistakes
In 2015, cyber security, or rather the lack of it, dominated the headlines. It seemed like almost every month we were hearing about yet another high profile data breach. This is the reality of modern business; as we become more digital, we face new and complex threats. Consequently, organisations are dedicating more time and resources to cyber security than ever before. Hackers are an intelligent bunch and you’d be forgiven for thinking that the majority of data breaches result from deeply buried vulnerabilities that have taken weeks or months to uncover and exploit. Whilst this may be true in some cases, the reality is that a surprising number of businesses are vulnerable to attack, due to basic oversights that could easily have been avoided. In this article, we consider some of the basic security mistakes that are so often overlooked.
Sharing passwords
It’s common knowledge, these days, that weak passwords are the primary target for hackers. If you don’t know this, you may already be in trouble. Most businesses have already taken measures to ensure that their employees are using appropriate passwords that provide a good level of security. On the banned list are passwords that are easy to guess, too short and don’t contain a good mix of upper and lower case letters as well as numbers and symbols. This is basic and, if not already implemented, it should be seen to immediately.
However, password issues may begin with strength, but they don’t end there. Perhaps a more prevalent problem is the issue of password sharing. This includes the use of the same passwords for logins to different systems and services, as well as employees sharing passwords with other employees. Whilst this may provide convenience for everyone using the systems, it only makes a hacker’s life easier. Once a hacker has obtained a password, they can then use it to gain access across the entire network and different systems. To avoid this, you should ensure that your employees use completely unique passwords for every single service and system that they use. This practice should also be promoted for any services employees access outside of your company systems online. Of course, this makes life harder for everyone and there are always those that will protest that their ‘strong’ passwords are impossible to remember. However, the practice is vital if you want to limit vulnerability and many great password management tools are available to help with the process, so there’s no excuse!
Overlooking the protection of smart devices
An increasing number of internet enabled devices are entering the workplace. Whether this is via BYOD policies or simply investment in high-tech equipment for the office such as smart TV’s, it’s important to remember that all of these devices could present potential cyber security risks. Any new smart device included in your network infrastructure needs to be subject to the same tight rules and regulations that are in place for existing equipment. It may even be worth doing an audit of equipment within your network, as you might be surprised at what has been overlooked that might constitute a weak spot within your network. Anything that connects to your Wi-Fi network or has Bluetooth functionality is a prime target. Such devices can act as a portal into your company network or even be turned into listening devices for hackers to gain inside information about your company. You can protect your business against such weaknesses by ensuring that all unnecessary functionality is disabled in smart devices. This may include Bluetooth, cameras, Wi-Fi etc. It’s also important to ensure that any device within your company network is subject to the same security measures as your office PC’s and other conventional equipment. When it comes to employees’ personal devices being used for work purposes, it’s important to have a strict usage policy in place. Make sure, for example, that you have the ability to remotely wipe such devices should they be stolen or lost.
At Midland Networks, we provide a range of solutions that are designed with security in mind. If you want to find out more about implementing a secure IT and communications infrastructure, contact us today. We have the knowledge and expertise to advise and support you with Wifi security.