26 Mar Top 3 overlooked areas of data security
Ensuring complete, end-to-end security for all critical software and hardware is becoming an uphill battle for companies of all sizes and across every industry. Not only is the overall threat environment growing – with increasingly sophisticated attack approaches being used by cybercriminals every day – but there are a few areas that are traditionally overlooked internally.
In order to have the most robust security posture, your organization must make efforts to ensure that any gaps in protection are identified and addressed. Here are a few essential areas to double check first:
Software updates
It’s no secret that many individual users and even IT admins put off patching their critical software systems. It can be a time-consuming pursuit, and can sometimes require restarts that can impact productivity.
The recent rash of ransomware attacks demonstrates the need for more consistent software updates. As Business Insider contributor Elissa Redmiles pointed out, many users and organizations fell victim to the WannaCry exploit in particular because their systems weren’t updated in time to guard against it.
“WannaCry could have been avoided, or at least made much less serious, if people (and companies) kept their computer software up to date,” Redmiles wrote. “The WannaCry attack demonstrated how hundreds of thousands of computers in more than 150 countries are running outdated software that leaves them vulnerable.”
As this case shows, consistent patch management is key, and IT teams should work to ensure that updates are rolled out as soon as possible after they are released.
Employee training
Your company’s own staff members can also present an overlooked area of security. Aside from malicious insiders, employees unaware of the latest threats and untrained in protection best practices can be a huge vulnerability. Even something as seemingly innocent as misplacing a device can have considerable repercussions if the endpoint contains sensitive enterprise intellectual property and isn’t password-protected or otherwise secured.
“A company’s investment in firewalls, encryption, password protection, and other security measures can be completely undermined, even accidentally, by a single employee,” FindLaw noted. “At the same time, employees can be one of the company’s best lines of defense against internal or external data security breaches.”
In this way, it’s imperative to have a written security policy accessible to employees and to take steps to train workers as to their data protection responsibilities. In addition, education about current threats can help staffers identify suspicious activity that could point to a potential attack.
Proper hardware disposal
Finally, it’s imperative that hardware is cleared of all data and files and is disposed of properly when replaced or updated. As Harvard Business Review contributor Kyle Marks noted, ensuring hardware is appropriately cleared and disposed of is becoming increasingly difficult as organizations utilize an array of different platforms for data storage. However, improper disposal could result in the exposure of incredibly sensitive data, and it’s essential that steps are taken to remove all information and assets from hard drives before recycling.
To find out more about bolstering your information security, connect with the experts at Pinnacle today.