According to Verizon’s 2015 Data Breach Investigations Report, many of the 2,122 data breaches last year fell into just seven categories, all of which can be remedied:
Ensure you have a robust bring your own device (BYOD) policy to help reduce the risk of unauthorized access to your corporate information, malicious activity, and malware infestations, while supporting more secure and efficient working practices for employees.
Interesting fact: Kaspersky’s Q1 2015 report found a 3.3-fold increase in monetized mobile malware threats.
Device loss or theft
Many of the biggest data breaches occur because a laptop, smartphone, or other device was left unattended and stolen. Although you can’t completely prevent this from happening, the vast majority of devices have the capability to encrypt and password-protect the data they hold. It is strongly advised to take advantage of these extra security measures.
You can also raise awareness among your staff of the importance of keeping devices containing sensitive corporate information close at hand at all times. Many organizations use information security e-learning to help raise awareness among their employees.
Interesting fact: Lost and stolen mobile devices are a leading cause of health care data breaches.
With the average office worker sending or receiving 121 emails a day, unencrypted emails pose a significant threat to businesses. With sensitive information floating around abundantly on corporate email networks, it is fairly easy for criminal hackers to download tools and collect unencrypted email.
There are a lot of user-friendly solutions out there to encrypt corporate emails without being laborious or expensive. An email encryption system also safeguards against human error by limiting the chance of accidentally sending an email to the wrong person.
Interesting fact: Although the Sony Pictures data breach is still being investigated, there’s no doubt that the bulk of the attack’s notoriety came from the release of unencrypted emails sent between Sony Pictures executives, directors, actors, and other employees.
If your Wi-Fi is unsecured then you’re making it easy for hackers to spy on your traffic and network. Put a security policy in place for your network and enforce it.
Interesting fact: US-based TJX retail group famously suffered a data breach in 2007 after an assault on its Wi-Fi network, exposing at least 45.7 million credit and debit cardholders to identity fraud.
Malware has modernized over the years and is now designed to sit unnoticed on your network and exfiltrate data silently.
Many companies do not fully understand how their firewalls should be configured, or how to offer real-time protection for all devices and locations. It is imperative that you know your firewall’s limits and that you have an expert on hand to test your vulnerabilities.
Conducting a penetration test for your systems is the most effective way to demonstrate that exploitable vulnerabilities in your Internet-facing resources are adequately patched, and that you have appropriate technical security controls in place to help protect against cyber intrusions.
Interesting fact: The Sony PlayStation Network failed to use firewalls properly to protect its networks back in 2011, which invited thieves to steal 77 million users’ account information.
Broken web filters
Organizations need to have real-time web filters in place that can process data as it arrives. This helps scan for web-based malware and suspect URLs that a traditional static filter cannot find.
Interesting fact: Web filtering is now becoming a real security management tool for many companies, mainly to stop employees downloading illegal material.
Even though Apple Macs are considered to be safe and secure, they are not completely immune to cyber attacks. Apple has put extra security measures in place – such as Gatekeeper, which blocks any software that hasn’t been digitally signed and approved by Apple from running on your Mac without your agreement – but these aren’t always perfect.
Secure your Macs like you would any other computer, using adequate security software that is regularly updated.
Interesting fact: In 2012, the Flashback Trojan managed to infect more than 600,000 Macs with malware, without even needing the user’s password.