10 Security Threats to an Organization – Part 2
When looking at the first five security threats that can hit an organization, we dealt with the harmful effects of spam, viruses and malware and how monitoring your network and investing in patch management are effective ways of preventing such threats from attacking your network and infecting your machines. Not all threats are external, and not all of them are done maliciously; however, they still have a negative impact on the organization, so it’s important to be aware of all the potential dangers that are present both outside, and even inside, an organization.
When a decision is taken that is communicated via email, that data is valuable information for an organization. Most emails are dealt with as they come into a user’s inbox and then filed away and forgotten, but sometimes there are unforeseen situations that require a specific email to be found again. Without a proper archiving system in place, finding that single email can cost an organization thousands of dollars and require days of searching through logs, and often one doesn’t have days to spare. Nowadays, legislation requires that all organizations have an email archiving system in place where emails are stored systematically and can be easily retrieved should the need arise. Email content can also prove useful for human resource cases if there is an internal dispute between colleagues, as emails could hold information that is pertinent to the situation. Email archiving is not something to keep deliberating over; it’s a solution that all organizations ought to implement sooner rather than later, because it can save you from unwanted hassle and expense.
The proliferation of USB sticks, iPods and other portable USB devices has made it increasingly convenient to store and transfer data from one machine to another. Whilst this can be very useful for people who need to continue working outside of their office, it also poses a security risk that is oftentimes overlooked. An organization’s data, especially when it comes to financial information, budgets and future goals, is an asset, and if this sensitive data were to fall into the wrong hands there could be serious repercussions for the organization’s reputation as well as its confidentiality. And this is where the problem with portable USB devices comes in. It’s very easy to insert a USB device and surreptitiously copy confidential files onto it – files that can be sold to a competitor for the right price. Employers might think that this scenario is far-fetched because they trust their employees; however, it has been known to happen and organizations have suffered the consequences due to the lack of foresight. In these unstable economic times where many people are getting laid off, the mood is gloomy, and disgruntled employees would not be averse to a quick buck if they feel that their job security is shaky. Endpoint security is becoming more common as employers recognize the risks involved and the simple solution that they need to prevent such risks.
An organization’s data (including confidential files) is usually stored on the server or machine hard drives where people (with access privileges) can access these files to work on them. However, should their hard drive crash they run the risk of losing all the data that is stored and all the work that was put into those documents. Backing up data onto external hard drives or other hardware that is detached from the network or machine is the best way to protect your data as you will be able to restore all your files from your backup should a crash occur.
Internet access is available to most employees with the expectation that they use this resource for their work. Yet there are many distractions available on the web and whilst checking out the day’s headlines would not be regarded as a problem, if an employee were to spend an hour of his/her working day on social networking sites, chatting over IM or playing games, that would constitute a breach of work ethics. Employees need to have an Internet access policy in place that states what is and is not acceptable when it comes to Internet browsing. This is the first step to educating employees and most will follow it and not cause hassle, but there will always be someone who strays and if that person is found accessing inappropriate sites it could lead to disputes within the organization that could even escalate into a lawsuit; a situation that no organization wants to find itself in. The second step therefore would be to install web filtering software that can be set to block sites that are unacceptable in a working environment. Apart from monitoring websites, the software also filters all downloads to ensure that they are free of malware. In that way if someone is checking their personal email account and downloads an attachment that is infected, the web filtering software will not allow the download to complete.
Employees are part of an organization’s assets, yet they are also its greatest liability when it comes to IT security. Many users are unaware of the threats that exist when they are connected to the network and subsequently to the Internet, and nonchalantly browse various sites, click on links and download email attachments without a thought as to where it may lead them or what it may contain. Educating users about the risks involved when browsing the Internet and alerting them as to what they ought to look out for so as not to be duped into clicking fake links or downloading a virus is a basic, but extremely important, step for an organization’s security. Ensuring that your users are aware of the importance of security and its effects will help them understand and respect any security software installed.