IT Consulting and Tech Support Blog

Common security mistakes

Companies get hacked far too often and it almost ALWAYS stems from failure to follow basic security measures.

How vulnerable are most companies to hacking? Many hackers claim they can aim their efforts at pretty much any target and guarantee a break-in without much effort. It doesn’t have to be this way. The problem is that most companies keep making the same mistakes over and over again when it comes to their IT infrastructure.

Some of the most common security mistakes are:

Failing to understand what apps are running

Many companies have no clue about the programs running on their computers. New computers often come preloaded with dozens of utilities and programs the user doesn’t need, and users routinely add more. It’s not unusual for a normal PC to be running hundreds of programs and utilities at startup. How can you manage what you don’t even know you have? Many of these programs have serious, known vulnerabilities. If you want to secure your environment, you have to inventory what programs are running, get rid of what you don’t need, and secure the rest.
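As an added example (not part of the original post), here is one way to do that inventory on a Windows PC: the first run records startup entries, installed programs and running processes as a baseline to review and prune; later runs report anything that has appeared since. It assumes PowerShell 5.1 or newer and a baseline file location of my choosing.

```powershell
# Added example, not from the original post. Builds a software inventory baseline for a
# Windows PC and, on later runs, reports what has appeared since the baseline was taken.
# Assumes PowerShell 5.1+ on Windows; the baseline path below is an assumed location.
$BaselinePath = "$env:ProgramData\SoftwareInventory\baseline.csv"

function Get-SoftwareInventory {
    # Startup entries: Run keys, Startup folders and other autostart locations
    $startup = Get-CimInstance -ClassName Win32_StartupCommand |
        ForEach-Object { [pscustomobject]@{ Kind='Startup'; Name=$_.Name; Detail=$_.Command; Source=$_.Location } }

    # Installed programs from the Uninstall registry keys (64-bit and 32-bit views)
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { [pscustomobject]@{ Kind='Installed'; Name=$_.DisplayName; Detail=$_.DisplayVersion; Source=$_.Publisher } }

    # Processes running right now, with the executable path where it is readable
    $running = Get-Process |
        ForEach-Object { [pscustomobject]@{ Kind='Running'; Name=$_.ProcessName; Detail=$_.Path; Source=$_.Company } }

    # @() guards against a single result being a scalar rather than an array
    @($startup) + @($installed) + @($running) | Sort-Object Kind, Name -Unique
}

$current = Get-SoftwareInventory

if (-not (Test-Path $BaselinePath)) {
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Host "Baseline written: $($current.Count) entries -> $BaselinePath"
    Write-Host "Review this list and remove anything the machine does not need."
} else {
    $baseline = Import-Csv -Path $BaselinePath
    # Entries present now but absent from the baseline are the ones to investigate
    $new = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Kind, Name |
        Where-Object SideIndicator -eq '=>'
    if ($new) {
        Write-Host "New since baseline:"
        $new | Format-Table Kind, Name -AutoSize
    } else {
        Write-Host "No new startup entries, installed programs or processes since baseline."
    }
}
```

Run it from an elevated PowerShell session so the machine-wide registry keys and process paths are readable; once the pruned list is what you expect, delete the baseline file and run it again to record the cleaned-up state.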

Neglecting to have a password policy

Passwords should be strong (long and complex) and changed frequently. Wanna find out how strong your password policy really is? Here’s a handy tool from Microsoft that allows you to check the strength of your passwords. Use it. If your password is weak, CHANGE IT!

Failing to educate users about the latest threats

This one stumps me the most. We (those of us working in the IT world) say end-users are our weakest links, but then we don’t educate them about the latest threats. Most end-users are incredibly educated about email file attachment attacks and often don’t open emails from people they don’t trust. But ask end-users if they realize they are most likely to be infected by a website that they know, trust, and visit every day — and you’ll hear crickets. Most end-users have no idea about malicious ads on their favorite website or the fact that popular Internet search engines may get them infected. They don’t know that the cute little app being pushed their way by a friend in Facebook is most likely malicious. They don’t know the difference between their antivirus software and the fake one that just popped up in a window on the screen. They don’t know because they haven’t been taught.

These are HUGE problems for most companies. What’s the solution? Well, a good start would be to have your IT department or CIO host yearly or semi-yearly “how-to” meetings with your staff and address basic web safety questions. This will go a long way in helping to secure your IT environment.

Remember, if your company gets hacked, it may very well be your fault.


This entry was posted in Web Security.
