10 Security Threats to an Organization – Part 1
Every organization is aware of the importance of security – security of the building, security for employees and financial security are all a priority; however, an organization comprises many other assets that require security, most notably its IT infrastructure. An organization’s network is the lifeline that employees rely on to do their jobs and subsequently make money for the organization. Therefore it’s important to recognize that your IT infrastructure is an asset that requires top security. The question is, what should one secure against?
The No.1 enemy to all email users has got to be spam. Having your inbox fill up with useless messages that promote fake designer goods, bogus get-rich quick schemes and insinuate that you need to improve your love skills is not fun and is definitely not the reason for which you signed up for an email account. Unfortunately spam is a growing problem with research claiming that up to 94% of all emails that are sent are actually spam! That is a huge number when you consider just how prevalent email usage is nowadays. Spam presents an even bigger problem than just being irritating; it can also be harmful. Whilst some spammers do nothing more than direct you to websites to try and sell you things that you don’t need, there are spammers of the more spiteful variety who will include malicious links in their emails that when clicked on will download spyware, malware or other harmful files onto your machine. Therefore one of the first security solutions that you want to have on your server or workstation is anti-spam software.
If a virus hits it’s always bad news. A virus can copy itself and infect other machines without the user even knowing that the machine has been infected until disaster strikes. If a virus hits the network then it’s likely to propagate to files on other machines that are connected to the network. Viruses can also spread via email, instant messaging, an intranet and other shared networks causing networks and machines to overload or crash. They can also capture keystrokes which is where the problem of security lies because passwords and banking details can be revealed in this manner. Viruses can cause major security risks and start a cycle of problems for an organization. Implementing an anti-virus solution can save your network and all your files and emails that could easily be lost and corrupted.
Malware comprises a variety of malicious software types such as Trojans, worms and spyware which will infiltrate your machine without you even realizing. Once your machine is infected it could easily spread to executable files on other machines that are connected to the network thus causing an IT epidemic. Whilst some malware is created simply to disrupt a system, other malware is used for financial gain. Spyware, botnets and keystroke loggers all have malicious intentions as they take control of infected machines and use them to continue proliferating the attack; they also track user’s login details for the sites that they use thus violating their privacy, as well as taking note of credit card details if the user buys something over the Internet. Furthermore if the user has an online banking account, those login details are also tracked and reported back to the host of the malware. Malware encompasses more than just viruses; however, an anti-virus solution is the solution to this ever-growing problem. Keeping your anti-virus up-to-date is key to keeping your machine clean and malware-free; failure to do so will leave you open to attack.
Networks, servers, workstations – they all need to work seamlessly together for an organization to run its day-to-day tasks. If a server crashes, then the workstations are affected and people can’t carry on with their work. If the network fails the repercussions will affect the entire organization, and in turn affect production levels. So monitoring the network and servers regularly is a main task for any IT administrator; using network and server monitoring software this task can be automated with reports being generated on a regular basis. Server downtime equals business downtime which leads to a loss of profits – which all organizations want to avoid.
Vulnerability scanning and patch management
Vulnerability issues, patch management and network auditing are all security features that need to be addressed when dealing with networks. Leaving ports open is one of the most common security liabilities and attackers are aware of this. Scanning your network for open ports, machines that are vulnerable to infection is the first step to security. Once the scan is complete, patches must be deployed on all machines that are at risk of infection. By assessing your network and keeping up-to-date with all patches you greatly reduce the risk of security attacks occurring.
In the next segment of this article we’ll be taking a look at other security threats that can be present from within the organization and may not necessarily have a malicious intent, yet are still destructive to the business.