As a business, you have an increasing responsibility to your clients and employees to protect their sensitive and personal information. As cyber threats and government regulations continue to gain momentum, the implementation and maintenance of an effective security program is critical and no longer an option to your business’s long term stability and overall success.
There are many ways cyber criminals can victimize your business, scam your customers and hurt your reputation. Businesses of all sizes should be aware of the most common scams perpetrated online.
Securing your company’s network consists of
1 – Identifying all devices and connections on the network;
2 – Setting boundaries between your company’s systems and others
3 – Enforcing controls to ensure that unauthorized access, misuse, or denial-of-service events can be thwarted or rapidly contained and recovered from if they do occur.
- Secure internal network and cloud services.
- Develop strong password policies.
- Secure and encrypt your company’s Wi-Fi.
- Encrypt sensitive company data.
- Regularly update all applications.
- Set safe web browsing rules.
- If remote access is enabled, make sure it is secure.
Email has become a critical part of our everyday business, from internal management to direct customer support.The benefits associated with email as a primary business tool far outweigh the negatives. However, businesses mustbe mindful that a successful email platform starts with basic principles of email security to ensure the privacy andprotection of customer and business information.
- Set up a spam email filter
- Protect sensitive information Secure Encrypted Software
- Set a sensible email retention policy.
- Develop an email usage policy.
cyber threats and terminology
is half the battle.
Download: Our Cyber Security Check List and Glossary.
Mobile Device Security
If your company uses mobile devices to conduct company business, such as accessing company email or sensitive data, pay close attention to mobile security and the potential threats that can expose and compromise your over all business networks. Data loss and data breaches caused by lost or stolen phones create big challenges, as mobile devices are now used to store confidential business information and access the corporate network. According to a December 2010 Symantec mobile security survey, 68 percent of respondents ranked loss or theft as their top mobile-device security concern,while 56 percent said mobile malware is their number two concern. It is important to remember that while the individual employee may be liable for a device, the company is still liable for the data.
- Data Loss – An employee or hacker accesses sensitive information from device or network. This can be unintentional or malicious, and is considered the biggest threat to mobile devices.
- Social Engineering Attacks – A cyber criminal attempts to trick users to disclose sensitive information or install malware. Methods include phishing and targeted attacks.
- Malware – Malicious software that includes traditional computer viruses, computer worms and Trojan horse programs. Specific examples include the Ikee worm, targeting iOS-based devices; and Pjapps malware that can enroll infected Android devices in a collection of hacker-controlled “zombie” devices known as a “botnet.”
- Data Integrity Threats – Attempts to corrupt or modify data in order to disrupt operations of a business for financial gain. These can also occur unintentionally.
- Resource Abuse – Attempts to misuse network, device or identity resources. Examples include sending spam from compromised devices or denial of service attacks using computing resources of compromised devices.
- Web and Network-based Attacks – Launched by malicious websites or compromised legitimate sites, these target a device’s browser and attempt to install malware or steal confidential data that flows through it.
Website security is more important than ever. Web servers, which host the data and other content available to your customers on the Internet, are often the most targeted and attacked components of a company’s network. Cyber criminals are constantly looking for improperly secured websites to attack, while many customers say website security is a top consideration when they choose to shop online. As a result, it is essential to secure servers and the network infrastructure that supports them. The consequences of a security breach are great: loss of revenues, damage to credibility, legal liability and loss of customer trust.
- Cyber criminals may exploit software bugs in the web server, underlying operating system, or active content to gain unauthorized access to the web server. Examples of unauthorized access include gaining access to files or folders that were not meant to be publicly accessible and being able to execute commands and/or install malicious software on the web server.
- Denial-of-service attacks may be directed at the web server or its supporting network infrastructure to prevent or hinder your website users from making use of its services. This can include preventing the user from accessing email, websites, online accounts or other services. The most common attack occurs when the attacker floods a network with information, so that it can’t process the user’s request.
- Sensitive information on the web server may be read or modified without authorization.
- Sensitive information on backend databases that are used to support interactive elements of a web application may be compromised through the injection of unauthorized software commands.
Examples include: Structured Query Language (SQL) injection, Lightweight Directory Access Protocol (LDAP)
injection and cross-site scripting (XSS).
- Sensitive unencrypted information transmitted between the web server and the browser may be intercepted.
- Information on the web server may be changed for malicious purposes. Website defacement is a commonly reported example of this threat.
- Cyber criminals may gain unauthorized access to resources elsewhere in the organization’s network via a successful attack on the web server.
- Cyber criminals may also attack external entities after compromising a web server. These attacks can be launched directly (e.g., from the compromised server against an external server) or indirectly (e.g., placing malicious content on the compromised web server that attempts to exploit vulnerabilities in the web browsers of users visiting the site).
- The server may be used as a distribution point for attack tools, pornography or illegally copied software.
New Level Technology
– (954) 451-6208
– (954) 507-2303