...
Sunday, 5 July 2015 ehdf

Cyber Security: Identifying Weak Points

Unethical hackers are always probing for gaps in the system to wreak havoc and misuse sensitive information. Cybercriminals can inflict devastating damage, and the speed at which they can accomplish their task is only increasing. With that in mind, it is paramount that security professionals are aware of the common weak points:

1. Misused PII: Data breaches can be a result of personally identifiable information (PII) that is lost and stolen by a third party, or accessible to unauthorized personnel.

2. Ambiguous legal measures/policies: Cybercriminals can manipulate unclear company, federal and local laws related to protecting personal data. When policies are under-developed or not implemented, hacking is made easier.

3. Inadequate technical security for mission-critical data: Failing to encrypt sensitive information and not scheduling regular secure back-ups or audits can also create an entry point for cybercriminals. Moreover, logging controls, firewalls, antivirus software, intrusion detection technologies and security patches must be constantly updated in order to enhance security.

4. Gaps in physical security: When PII is not restricted to employees, limited staff and service providers, it creates a weak point in the security chain.

5. Inefficient administrative safeguards: Since humans can often be the weakest security link, companies must incorporate privacy and security training and instil a culture of data privacy within all employee groups. They must also monitor for data leakages through inventory scanning and authorization clauses.

6. Passwords: Most users end up selecting commonly used passwords because they are easy to remember. This is a vulnerability because it gives others a good chance of guessing the correct password.

As enterprises grow more vulnerable to malicious invaders, spammers and hackers, they must stay ahead of the security game and adopt some best practices:

1. Stay informed of new types of virus or malware in the IT domain, so that you can take preventative measures and mitigate risks to your data.

2. Create a strong internal cyber-security policy and control systems, and include enforcement criteria along with the consequences of non-compliance.

3. Establish clear rules on third-party accessibility and control within your service provider’s SLA. This is especially important when users adopt public cloud.

4. Encrypt your sensitive data when emailing, storing or transporting it to an alternate platform, or communicating over wireless connections. Additionally, enterprises must secure their endpoints with Data Loss Prevention (DLP) tools, which provide visibility into incoming and outgoing traffic, block malicious threats and viruses, and protect internal, cloud-based data storehouses.

5. Consult with service providers who offer reliable and attractive business continuity solutions, disaster recovery and back-up plans in case of an attack.
