Network security threats are becoming increasingly sophisticated and seem to multiply by the day, resulting in endless headaches for IT professionals. With each new piece of technology arriving on the scene, a security threat seems to accompany it. The key for IT is to constantly evaluate current security measures and policies to identify any shortcomings that may be exposing the company to risk.
The following is a list of five network security risks your IT department may be overlooking, and what you can do to ensure maximum security around them.
1. USB and other external media: It is hard to imagine a world without them, but USB drives and other external media can pose a substantial risk to your company’s network. One way to mitigate this threat is to ensure that your anti-virus software is installed and constantly updated on each of your organisation’s computers. This is especially important for laptops and other mobile computing devices. Also, make sure that employees understand the risks associated with these devices. Knowledge-sharing on best practices may go a long way to ensuring that staff take responsibility for their actions when it comes to the organisation’s network security.
2. Insufficient policies: Staff that use company email and Internet facilities for personal matters should be educated about the dangers this poses to the security of the organisation’s information. A clear and comprehensive computer and Internet usage policy, coupled with proactive monitoring, will ensure a culture of compliance. IT managers need to take an assertive approach to ensuring that policies are adhered to, since they are ultimately accountable when security leaks result in damage to the company.
3. Wireless access points: You would be hard-pressed to find an organisation that doesn’t leverage the convenience of wireless technology today. Reliance on wireless hardware with poor security features can pose a serious threat to your network. Spending a little extra on trusted wireless hardware brands may prove a worthwhile investment down the line. Also, ensure that your wireless passkey isn’t public information. Any device that connects to your wireless network should be granted access to it by an IT staff member only.
4. Disgruntled employees: Although difficultfor IT to identify and mitigate, a disgruntled employee can be a very – if not the most – serious risk to your company and its information. Be sure that your computer and Internet usage policy clearly defines the scope of confidential company information and the legal ramifications for employees who wilfully destroy or distribute information identified as such. Monitoring and auditing software – often built-in features of server software – will assist in tracking the access, modification and distribution of company information by individuals.
5. Smartphones and tablets: A lost or stolen handheld device poses some serious risks if not incorporated into your network security policy. Such devices are often capable of being formatted of all company content remotely in the case of theft. Ensure that each device that connects to your company network is configured with minimum access to company information and maximum security controls. Access to network resources can always be increased if requested by the employee, but a conservative approach would minimise risk.
An approach to network security should consider all factors that may compromise your organisation. Network security is often viewed as an external threat, but it is equally important to consider the dangers that exist right under your nose. You’re not alone if you think that network security is a fleeting goal, but the key is to constantly evaluate your current security measures by testing their efficacy.
Image credit: Habey