|
By Sara Jameson
I came across these ten potential security holes and thought I would share them with you as they
are more relevant now than ever in light of what has transpired on the
SONY Play Station Network in the last month. If CIOs are not making
corporate security a top priority then they are not properly serving
their organizations. It is difficult to remain 100% confident in your
organizations security policies and procedures, but we must remain 100%
committed to diligence in constant upgrades and feedback from attempted
breaches to our networks and systems.
Top 10 Threats to Data Security and Privacy for Businesses:
1. Data Breach Resulting From Poor Networking Choices
Cisco. Sun. These are enterprise-level networking choices that are
found in large IT departments around the world. The price tags,
however, price small or medium business out of the market. If these
businesses have networks at all, they may use networking devices
targeted at home users. Some may forgo the use of routers at all,
plugging directly into the Internet. Business owners can block most
threats by using a quality router, like a NETGEAR or Buffalo brand
router and making sure to change the router password from the default.
2. Data Breach Resulting From Improper Shredding Practices
Dumpster diving identity thieves target businesses that throw out
paperwork without shredding it. Most home shredders will suffice for
small businesses in a pinch, but a commercial shredder is a wise
investment if private information is printed and shredded daily.
3. Identity Theft Resulting From Public Databases
Individuals, especially business owners, often publish lots of
information about themselves in public databases. Businesses are
registered with the county clerk, telephone numbers are in the phone
book, many individuals have Facebook profiles with their address and
date of birth. Many identity thieves can use information searchable
publicly to construct a complete identity.
4. Identity Theft Resulting from Using a Personal Name Instead of Filing a DBA
Sole-proprietors that do not take the time to file a Doing
Business As application are at a far higher risk of identity theft due
to their personal name, rather than their business names, being
published publicly.
5. Tax Records Theft Around Tax Time
Businesses must ensure that tax returns are dropped off at the
post office and refunds are collected promptly from the mailbox.
Identity thieves often steal tax returns from an outbox or mailbox.
6. Bank Fraud Due To Gap in Protection or Monitoring
Business owners know that it is vital to balance their accounts
every month to ensure that checks are not being written out of business
funds by embezzlers, but many businesses rarely, if ever, check what
kind of credit accounts have been opened under the business name.
Monitoring services can alert business owners when new credit accounts
are opened fraudulently.
7. Poor E-mailing Standards
Many businesses treat e-mails as confidential communications,
but this is far from the case. They are available to a number of people
other than the recipient. It's more appropriate to treat e-mails as
postcards, rather than sealed letters.
8. Failing to Choose a Secure Password
In fact, many security experts are recommending the use of a
pass phrase, rather than a pass word. Pass phrases are several words
long, at least three, and are far more secure than passwords. A pass
phrase like "friday blue jeans" can be typed far quicker than a
complicated password, and it doesn't need to be written down on a
post-it.
9. Not Securing New Computers or Hard Drives
Businesses that had their IT system professionally installed may
opt to upgrade a computer or two by themselves. This is strongly
discouraged on a business network, as new computers must be
professionally secured or else they pose a serious threat and an entry
point for hackers.
10. Social Engineering
Social engineers are individuals that call and claim they are
from another organization. They may even claim to be with a firm that a
business owner does business with. If someone you do not know calls on
the phone, be sure that it is the person you think it is before
revealing passwords or confidential information.
Cross Posted from myITview.com
Only registered users can write comments.
Please login or register. |
