Keep your cyber-door locked

Fred Juhlin

Locking the door is the first rule for a safe home. However, when it comes to cybersecurity, you may be leaving your system’s entrance open to malicious users.

Over the last decade, the importance of data – and what can be done with it – has led to a new breed of cyber criminals. No longer are they looking to extort big multinationals for money – now every company in possession of data, from a client database to plans for new products in development, is a target for hackers. Therefore, cybersecurity is now a top priority for businesses large and small.

Vulnerability is something no system can escape, and when you add more devices to your network, you add more points of entry that can be exploited. The irony is that, while you may be adding more cameras to protect your premises, if they are not maintained and safeguarded against cyberattacks, they could be adding to your risk of having your network compromised.

New vulnerabilities are discovered frequently, but whether they pose a critical risk depends on two factors: first, the probability that a vulnerability can be easily exploited; second, the impact that its exploitation could have on the rest of the system. Like the lock on your front door, the harder a vulnerability is to break, the less of a risk it poses.

This doesn’t mean there is a one-size-fits-all solution. Every business’s needs will be different, as each will have different areas of risk and possible “points of entry”. The truth is that no system is immune from being breached if a determined hacker has enough time and resources available. Similarly, not managing internal access to a system can leave it open to being compromised. It is important that you consider both internal and external threats when developing your cybersecurity plan.

Key considerations for network security

1. Passwords

There’s a reason why passwords are also known as “keys”. They are your first line of defense, so you need to make sure they are resilient, frequently changed and that they are not shared liberally. You wouldn’t use the same key for your front door and everything else, from your car to your safety deposit box. Similarly, you wouldn’t make a copy of that key for every acquaintance you meet. That’s the same attitude you need to have when it comes to passwords.

In cybersecurity, this threat is described as accidental or deliberate misuse of the system. You may have employees accessing parts of the system they are not authorized to view, because a colleague or a superior shared their password with them. This creates a potentially risky situation, so the solution is to put clear password policies and processes in place and make sure everyone in the company complies with them.

2. Legacy systems

Sometimes it may seem unnecessary to update a system, especially if it still functions smoothly. Updates can almost frighten us. What if the software has changed completely and you have to spend days working out how to use it? What if your old files can’t be read with the new version? What if the update makes the software incompatible with another element of your system? And so we keep working with version 2.0, when version 4.5 is already available.

The older a system is, the more likely it is that any vulnerabilities have been found by cybercriminals. Therefore, these systems have a higher chance of being exploited. The solution is to update your system regularly, because most weaknesses are found by the manufacturers, who run vulnerability scans and penetration tests in order to locate them. Updates and patches fix vulnerabilities and keep you safe.

3. Too many devices

Arguably, a house with a lot of doors and windows can be a challenge, as you need to make sure all of them are properly closed. That’s the same for your company’s system; you need to watch out for all your access points, for every device connected to your network, because a single vulnerable one is enough to compromise all the rest.

If you have control over your devices, you can apply the same safety standard and procedures to all of them. However, when your employees are working remotely or with their personal smartphone, tablet or computer, it gets way more difficult to spot weaknesses. Again, the solution is to put in place policies for the whole company, for example a rule that allows employees to access the system with a personal device, but only if it meets certain security criteria.

4. Untrained personnel

This may come as a surprise, but phishing emails are still one of the most successful methods of obtaining illegal access to a system. Some phishing attempts can be quite obvious, but others are more difficult to recognize, especially if the attacker has used social engineering techniques to study your company and play the part more convincingly.

That’s why it is crucial to train your employees, every single one of them, on cybersecurity best practices. Teach them to look for and spot the signals of a possible phishing email, but also give them an email address to which they can forward suspicious messages, so they can be screened if in doubt. Never underestimate human error.

In conclusion, anyone with the right amount of will, patience and time can hack a system. By taking steps to secure your system, you can make it so costly, in terms of time and resources, for cybercriminals to access your network that they decide it’s simply not worth the effort to keep trying.
