Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

6 biggest business security risks and how you can fight back

Jennifer Lonoff Schiff | Jan. 21, 2015
Security breaches again made big news in 2014. Yet despite years of headline stories about security leaks and distributed denial-of-service (DDoS) attacks and repeated admonishments from security professionals that businesses (and individuals) needed to do a better job protecting sensitive data, many businesses are still unprepared or not properly protected from a variety of security threats.

Also, "make sure employees use strong passwords on all devices," he adds. "Passwords are the first line of defense, so make sure employees use passwords that have upper and lowercase letters, numbers and symbols," Carey explains.

"It's also important to use a separate password for each registered site and to change it every 30 to 60 days," he continues. "A password management system can help by automating this process and eliminating the need for staff to remember multiple passwords."

Encryption is also essential.

"As long as you have deployed validated encryption as part of your security strategy, there is hope," says Potter. "Even if the employee hasn't taken personal precautions to lock their phone, your IT department can execute a selective wipe by revoking the decryption keys specifically used for the company data."

To be extra safe, "implement multifactor authentication such as One Time Password (OTP), RFID, smart card, fingerprint reader or retina scanning [to help ensure] that users are in fact who you believe they are," adds Rod Simmons, product group manager, BeyondTrust. "This helps mitigate the risk of a breach should a password be compromised."

Risk No. 3: Mobile Devices (BYOD)

"Data theft is at high vulnerability when employees are using mobile devices [particularly their own] to share data, access company information, or neglect to change mobile passwords," explains Jason Cook,CTO & vice president of Security, BT Americas. "According to a BT study, mobile security breaches have affected more than two-thirds (68 percent) of global organizations in the last 12 months."

Indeed, "as more enterprises embrace BYOD, they face risk exposure from those devices on the corporate network (behind the firewall, including via the VPN) in the event an app installs malware or other Trojan software that can access the device's network connection," says Ari Weil, vice president, Product Marketing, Yottaa.

Solution: Make sure you have a carefully spelled out BYOD policy. "With a BYOD policy in place, employees are better educated on device expectations and companies can better monitor email and documents that are being downloaded to company or employee-owned devices," says Piero DePaoli, senior director, Global Product Marketing, Symantec. "Monitoring effectively will provide companies with visibility into their mobile data loss risk, and will enable them to quickly pinpoint exposures if mobile devices are lost or stolen."

Similarly, companies should "implement mobile security solutions that protect both corporate data and access to corporate systems while also respecting user's privacy through containerization," advises Nicko van Someren, CTO, Good Technology. "By securely separating business applications and business data on users' devices, containerization ensures corporate content, credentials and configurations stay encrypted and under IT's control, adding a strong layer of defense to once vulnerable a points of entry."

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.