Preventing data breaches is the top concern of many companies. About 74% of global businesses say preventing a data breach is a top priority for next year. This is unsurprising as cyber attacks continue to target businesses and cost them thousands of dollars.

When it comes to protecting your company, you need to be aware of and understand the impact of all your vulnerabilities. This not only includes making sure your employees are cyber ready but your network infrastructure as well. The best way to protect your company is to have your employees and environment work together.

infrastructure

Source: Accenture

5 Risks and Fixes For Your Environment

1. No Patch management: Patch management can be a challenge for organizations because it’s hard to monitor all applications on a daily basis. However, it is one of the most important steps an organization should take because hackers can exploit vulnerabilities in applications if they are not patched. For example, a big reason why WannaCry ransomware spread so much last year was because organizations failed to properly patch their systems.

The fix: Make sure you keep track of the new updates for your applications and apply them as soon as possible. Using patch management software will help you apply patches across every major device operating system. That way, you can focus on your business instead of worrying about patching all your systems. Our Manage IT service provides remediation and patch management to your devices to ensure performance and security.

2. Compliance obligations: As we talked about earlier, Canada recently implemented new privacy regulations for all businesses regarding the disclosure of data breaches. Besides these new rules, businesses also have to follow industry regulations, and other standards such as GDPR if doing business in Europe. With so many rules to follow, a lot of logistics are involved to ensure that your network has the correct security controls and technology systems. Furthermore, preparing for audits can create additional stress for companies.

The fix: Consider doing a security assessment to ensure that your network meets all necessary requirements. This will help protect your company in the long run and give you insight on the cyber risks to your company and how you can improve.

3. Legacy software/hardware: 64% of enterprises cite legacy systems as their top barrier to IT transformation. Failing to upgrade poses a lot of problems that can affect the productivity of your business and your security. For example, your IT team may be spending more time trying to maintain legacy systems to work for your environment instead of focusing on other necessary tasks. Depending on how old your software/hardware is, it could be a security risk. Vendors that stop supporting software mean they no longer release security updates for that product. A hacker can exploit these vulnerabilities without you knowing and can remain unfixed. Furthermore, using legacy hardware can affect the performance of your systems because it won’t be able to support the demands of new applications. If a hacker were to use a denial of service attack it against your legacy systems, they might not be able to handle it.

The fix: If you’re still using legacy products, it’s time to consider upgrading. The security risk of using these products outweighs the cost it will take to modernize your IT infrastructure.

4. USB drives: Although many organizations restrict the use of USB sticks or rely on the cloud for file transfer, malware spread via USB is still a threat today. Preying on people’s curiosity, hackers will drop random USB near busy places and hope someone picks it up and uses it. And people do. A study showed that nearly 50% of people will pickup and use random, discarded USB drives.

The fix: Ensure that your employees know not to use unknown USB sticks. Review your policy regarding the use of USBs or removable media. Include controls such as using only encrypted USB drives or limiting when they can be used. Furthermore, you can disable autorun on your computer. This will prevent your computer from reading the device as soon as it’s inserted. To disable autorun you will have to reconfigure your computer settings.

5. Lack of Network segmentation: Network segmentation allows you to break your network into smaller networks so that they are isolated from one another. That way, a hacker who gets into your organization will not be able to affect your entire network at once. This will also prevent workers from accessing information that is not relevant to their work.

The fix: Make sure you are using a separate guest WiFi network for visitors. That way, you can still offer them internet while keeping them off your network. For segmenting your internal network, it can be a long process and requires a lot of planning and design. This is why it’s important to have IT professionals like our Consult IT team who can work with you to fit your needs.