Posted on Monday, December 30, 2019Blog written by Rob Swenson
People are the most vulnerable layer of network security for most businesses. Employees at nearly all levels play important roles in protecting companies’ critical assets. That’s why responsible businesses train and test their employees, and then repeat the process with updated instructional material.
Threats change. So, to be effective, training must be constantly updated, too, said Jake VanDewater, who is the director of network operations at SDN Communications, and Mike Klein, the Sioux Falls company’s managed services team lead.
“It’s not enough to do it once,” Klein said. “It’s such an ever-evolving threat vector. Continuing to refresh is critical.”
Once good, human safeguards are in place, a company can put more attention on mechanical means of protecting a network.
Protecting a company’s electronic assets can be especially challenging for small and mid-sized companies because they often lack the security staff and other resources that larger enterprises can afford.
Viewing potential targets from the perspective of a hacker might help smaller businesses devise or improve their strategy for protecting a network from outside threats, according to VanDewater and Klein. They identified some general areas that cyber thieves are likely to examine in attempts to penetrate a company’s security.
Below, you’ll find five possible vulnerabilities that cyber thieves commonly exploit along with suggestions Klein and VanDewater. Businesses should keep these targets and solutions in mind while formulating or reviewing a protective strategy:
- Outdated software. Apply patches and updates promptly. The fact that software is reported as outdated is an indicator of potential problems.
- Open ports. Install a firewall, if there isn’t one in place already, and have it programmed to close ports that are unnecessarily open. Open ports can be pathways for intruders.
- Social engineering. This is a key area in which the need for continuous employee training comes into play. Beware of phishing, for example. Phishing is when hackers use email or some other means of communication to try to acquire sensitive information or infiltrate a network.
- Compromised credentials. Data breaches at many organizations have provided hackers access to all sorts of potentially useful information, including personal information, user names and passwords. A lot of that type of information is available on the Dark Web. Data breaches have increased the need for computer users to use unique and strong passwords for every account they have. In addition, they should change passwords often. Using an online, password-management service can help users remember their passwords and stay organized.
- System exposure. Be careful what parts of your network are accessible to the public. The public might not need access to a company’s customer relationship management strategy, for example. Also, limit employees’ network access to only what they need to do their jobs.
VanDewater and Klein stress the importance of companies taking a layered approach to providing security.
Viewing security strategy as a series of rings encircling mission-critical assets might help. The rings start at the outer perimeter and include layers of network, endpoint, application and data security. Precautions should be implemented at every layer, not just sprinkled about here and there, Klein said.
“It’s a constant battle,” he said. “Everything you can pile on makes it more difficult for hackers.”
SDN can help existing and prospective clients review their protection system by conducting a cyber threat assessment, VanDewater points out. A special firewall is temporarily installed to help measure the level of threats facing a company. For more information about assessments, call 800-247-1442.
SDN Communications is a leader in providing business internet, private networking and cloud connectivity to businesses and organizations in communities such as Sioux Falls, Rapid City, Worthington and the surrounding areas.