In a world of ever-advancing technology, many company heads get lost in the daily bustle of complex boardroom wars, KRA charts, sales calls, SWOT analysis and coffee machine gossip, often overlooking simpler things like securing their information systems. Security holes in everyday business can lead to breaches large enough to reduce a multi-million dollar company to an entity not even worth two cents. Let’s look at some major reasons that businesses’ security gets compromised. The surprising thing is that they are all easy to prevent!
One of the most common reasons for security breaches is using software that is out of date. The whole process of updating software takes about 15 minutes (depending on the strength of the Internet connection). A coffee break combined with a puff of a cigarette takes about 30! Yet it is not for lack of time that most employees neglect the updates. Even if they try to keep their software updated, most companies have overactive firewalls or security protocols that prevent them from doing so. Outdated software is a major security risk. It may include certain vulnerable applications that, when targeted by malicious software, can make the hard disk crash, leading to data loss. Well, if the outdated software or application happens to be the free-to-download-and-install Internet Explorer, there can be no bigger crime than that!
CHECKING PRIVATE EMAILS
We all tend to check our private emails while at the office. While there is no rule of law to prevent us from doing that, we also often click on unknown and potentially unsafe attachments. Not only can such an attachment release a series of threats into the IT network, it can also travel from one machine to another, infecting many others on the way. Threats like this can be tackled by the proper use of anti-virus software, but again, one needs to download patches and updates for the anti-virus and anti-malware tools to keep them up to date, or else they would be of no use. Also, if possible, company heads may want to lay down a rule discouraging employees from opening executable files from external or unknown sources.
ZERO CREDENTIAL IT OUTSOURCING
Many companies, in order to cut operating costs, outsource IT support. While this may be cost-effective, it is a little like handing your home keys to a stranger with a record of lifting things! “Here are my home keys; all yours!” There is little or no accountability in outsourcing, and when dealing with the company’s information security, that is an unacceptable risk. But if you have to outsource because there are no other options, carefully check the credentials of the company you would be outsourcing your IT work to. See if they have an office, a valid phone number, round-the-clock customer service, the works.
THE SERVER ROOM
Most offices have a separate, separately cooled room for IT equipment. In common parlance, we call it the ‘server room’. Yes, the room where it’s almost minus 4 degrees and huge, humming, ugly-looking equipment is piled up from floor to ceiling! Many companies fail to understand the importance of reserving a separate room for this equipment and of limiting access to ‘authorized personnel’ only. Ideally, only one or two senior members of the IT department should have access to this room. It is so easy for a networking-literate data thief to enter the server room and tamper with the machines. You wouldn’t even know if the room is not secured properly. It is advisable to fix at least two surveillance cameras to record the entry and exit of personnel to and from the server room. Electronic access control would be a good idea to make the system more secure.
BROWSING SANS INHIBITION
Often, employees treat the office as a free cyber-parlour where they can sit and browse all day long. That is the most unfortunate thing that can happen to the employee if the boss comes to know! Similarly, it may be the most tragic thing that can happen to your network if it is not properly firewalled. Many sites accessed by employees may contain malicious self-executing applications. Uninhibited web browsing can open a huge hole in information security for any company. Either a firm rule should be put in place regarding browsing during office hours, or a completely separate set of systems should be installed for uninhibited browsing and access to personal folders. These should in no way interfere or overlap with the regular official information network.
CARRYING DATA HOME
Some of the worst security breaches in network IT history have occurred when trusted employees took official data home. Many companies think it is okay if employees take a bit of their work home to mull over it before turning in for the night. The availability of small and compact data storage devices has aggravated the problem. There are so many ways in which sensitive data can be compromised, and not just intentionally. Even the employee’s child gaining access to the data may create a huge risk of data loss. Companies should urge employees to leave office work at the office. Now that would be a healthy habit!
There are countless other ways in which sensitive data may be compromised through an IT security breach: employees may not be properly ‘password protected’, offsite or third-party data storage may be improperly monitored, discarded data may be improperly disposed of, staff may lack training in proper information security practices, and so on. The best thing about all these risks is that they are all preventable. Small measures like taking time to update software and applications, limiting access to data, and not carrying official work home can help overcome these issues. A blanket data security policy may serve a bit of the purpose, but then again, the policy must be implemented diligently by the employees.