Published on May 5th, 2020 | by Sunit Nandi
0The Top Workplace Vulnerabilities Hidden in Plain Sight
According to AV-TEST, malware detections surpassed one billion incidents in 2019. However, this year looks ready to continue the trend of a digital environment filled with potential threats.
Good security is essential for every business since malware detections increase yearly. Businesses should do more than put up outer defenses; they should look inward, too.
There are many potential security threats lurking right in front of you, but because they are so easy to overlook, you may not notice them until they become an attack vector. How can businesses strengthen their security and close potentially dangerous loopholes?
1. The Presence of Employee Devices on Your Network
Many businesses implement a Bring Your Own Device (BYOD) policy, which allows staff to use personal devices, such as smartphones or laptops, for company business. While this policy can save the business money and make IT management less complex, it also means that your security is only as good as the weakest link in the chain.
What happens when one user’s smart device becomes infected with malware before it connects to the office network? It doesn’t take much imagination to know that the problem could cascade to other vulnerable devices.
If BYOD is a business necessity, educate employees on proper security practices and follow through with enforcement.
2. Software Vulnerabilities That Open the Door for Hackers
Could the software that your staff uses every day be a gateway for bad actors?
Unpatched security vulnerabilities are a significant threat to enterprise operations, particularly when they affect critical daily tools such as PDFs.
Security researchers have revealed that Adobe products, including Acrobat and Reader, contain serious security flaws. PDFs can become containers for viruses distributed via email and downloaded on the web. A better PDF solution can provide an alternative that bakes more robust tools for security into the software.
When your staff can digitally sign documents, it’s no trouble to verify a PDF’s provenance and confirm its authenticity. Password protection along with rights management integration keeps sensitive information in front of the right people. Moreover, security pre-screening in Power PDF detects threats to prevent them from harming your systems.
3. Ad Hoc Fixes That Disable Security Measures
Did your IT team recently struggle to add new hardware or software to the existing system?
Sometimes, security solutions complicate the integration of new tech, and the team may need to turn some protections off temporarily to achieve compatibility. Conflicts with antivirus software installations or network firewall solutions are not uncommon when connecting new components.
At first glance, there’s nothing wrong with a quick fix when the goal is to integrate the new addition in a safe, secure manner. The problem arises when those temporary measures become permanent, which leaves holes that could make it easier to infiltrate or disrupt a business’s operations.
A periodic review to ensure that all systems operate securely is the key to consistency.
4. Poor Password Practices
The most secure software in the world can fail if a user leaves the digital front door wide open. Despite its importance, modern password security is weak. Many users rely on passwords that hackers can easily guess through social engineering or with appropriate tools.
The large number of passwords that users must remember also contributes to poor habits such as reusing passwords. During a 2019 Google survey, more than half of the respondents said that they reused the same password for more than one online account. Such habits represent a clear threat to business security on many levels.
There are simple solutions, however, provided that a business backs them up with oversight and good governance. Enforce better password practices within your business – from requiring regular changes to acquiring an enterprise license for password management software.
5. Lax Network Security
Business networks are popular targets for bad actors, but good network security requires more than encrypting the wireless network. Encryption might prevent someone from sitting in the parking lot and infiltrating your network, but it won’t be enough to stop other threats.
Good network security means implementing a series of practices and procedures that ensure the continued integrity of your business’s systems.
For example, consider remote employees. What hardware do they use to access your network? What level of control does your business have over their connection to the company’s servers? Just like a BYOD policy, malware infections on an employee’s personal computer could find their way back to the company network.
Unsecured “Internet of Things” devices also pose a risk to business networks. One device with exploitable flaws, when exposed on the open Internet, gives hackers an opportunity to get a foot in the door.
If web-connected third-party devices are an unavoidable necessity, select them with care. If possible, always apply the latest security patches.
6. The Dangers of Phishing
While worries about insecure software and malicious websites are common in enterprise security, there are also unpredictable human elements at play.
Phishing remains a significant threat to businesses, and those operating phishing scams aren’t always out for employee passwords—some phishing attacks are more direct.
For example, consider an accounting employee who receives a seemingly legitimate email from a supplier requesting information about an order. The email contains an attachment, which resembles an order form, but it contains a Trojan horse virus. A closer examination of the email and its circumstances might reveal multiple red flags to indicate its fraudulence.
Proper education and awareness is still the best defense against phishing.
7. The Human Element
Not all vulnerabilities are digital–just as not all security threats come in an email. Social engineering, or the manipulation of individual employees into granting unauthorized access to outsiders, is more of a threat than many businesses realize.
“Social attacks” are often the first step on the road to a larger security breach. It may be as simple as calling a receptionist and learning some personal information, or it could escalate to trespassing within your business.
The subtle nature of social attacks makes it hard to detect. However, the key indicators include suspicious, probing questions from individuals who should already know the information that they seek.
Better training and fraud prevention practices are the keys to mitigating this unique threat.
Secure Your Business Against the Latest Threats
According to Malwarebytes, we are witnessing a reversal of the trend of malware users favoring individuals over enterprise targets. Business malware detections rose by more than 10% in 2019.
While protecting your system against big-picture threats remains essential, so is the task of plugging security holes that offer attackers a way to get inside.
From improving device policies to choosing software products that put security first, there are plenty of ways for your business to make itself safer today.