In our work, we see a lot of businesses’ technology systems. That means that we’re familiar with signs that a company’s systems may be vulnerable to threats that could lead to a breach of data. Here are the top 10 cybersecurity red flags we encounter in our work:
1. Shared User Accounts
Sometimes companies create a shared username and password to allow several employees to log into a single workstation or application. While this is convenient, it’s also insecure, as it results in a lack of accountability for access to confidential data.
2. Weak Passwords
We often encounter weak passwords, which are easy to guess or crack. Strong passwords are longer (at least 15 characters) and contain a mix of symbols, capital letters, lower-case letters, and numbers. If you have a hard time remembering complex passwords, we recommend using a secure password manager.
3. Unmanaged Backups
With ransomware on the rise, strong backup strategies are more important than ever. A single kind of backup that nobody pays attention to is not enough. It’s essential to combine remote and onsite backups, and it’s imperative that a trained professional monitor backup alerts.
4. Open Firewalls
Simply having a firewall on your network is not enough to prevent intrusions. We often find firewalls that have not been configured properly and are open to attack. It’s essential to have a competent professional install, configure, and consistently monitor your network devices.
5. Sensitive Information Sent Over Email
Because each message passes through a number of servers before reaching its destination, the contents of email are insecure in transit. That’s why vendors have developed email encryption solutions. The best of these apply filters that automatically encrypt messages containing confidential information, without the sender having to do anything.
6. No Business-Grade Antivirus
Antivirus is an essential first line of defense against the ever-present threat of malware. While most businesses we encounter have some kind of antivirus, we do often find consumer-grade software instead of appropriate business-grade solutions, which include more advanced tools for detecting and removing malware.
7. Unpatched or Unsupported Operating Systems
The operating systems on servers and workstations need to be patched continuously to prevent criminals from exploiting known vulnerabilities. It’s common for us to find unpatched OSes in business environments, and we sometimes see unsupported OSes, like Windows XP or Server 2003, for which vendors no longer even release patches. Keeping all OSes up to date and patched regularly is critical to preventing breaches.
8. Unmanaged File Syncing Solutions
Often, company employees use consumer-grade versions of popular file syncing solutions like Dropbox to collaborate and store files across their devices. While these products certainly enhance productivity, all company files should remain under company control. Employees should never use personal accounts for work, and companies should implement business-ready versions of products like Box so that executives have granular control over company data.
9. A Lack of Clear Security Policies
Even with a relatively secure network, a lack of policies governing the ways team members create, access, and share data can lead to serious vulnerabilities. Policies need to be in place for everything from user permissions to what safeguards need to be in place on employee mobile devices.
10. Untrained Employees
Employee awareness, now more than ever, is critical to cybersecurity. From the C-Suite to interns, all users need training on how to spot fraudulent emails, how to implement safeguards on all their devices, and when to contact a technology professional for help. Otherwise, a company can invest in sophisticated technical safeguards and still be at high risk for a breach.