In the security industry, it's easy to focus on the threats we can protect against with systems and processes. Unfortunately, there isn't a system or process in place that can address human fallibility when it comes to protecting corporate assets. And oftentimes, it's human nature that leaves us exposed. Here are 5 areas to review with your team to ensure your employees aren't your weakest link...
Set it and forget it: leaving default admin passwords in place
Default passwords are left in place for many reasons: an assumption that your firewall will protect you, a belief that they are generally safe, or just a lack of understanding of why they need to be changed. Whatever the reason, leaving these passwords in place can be tantamount to handing over the keys to your corporate kingdom. There are worms specifically designed to search for systems set with a default username and password, as well as sites dedicated to publishing the default usernames and passwords for several major vendors.
Check out this story from security services company Coalfire on how companies leave themselves open to attack via default credentials.
Here fishy fishy: users falling for simple phishing schemes
Social engineering isn't news, but spear phishing attacks aimed at specific organizations are getting more sophisticated every day. A message from HR asking you to fill out a quick survey; an email from IT offering a gift card to help them test a new platform; an email from marketing asking for feedback on some new customer offers they are proposing - all tricky ways of getting corporate credentials.
Check out this story on how phishing schemes are a bigger threat than you might have guessed.
password123: unwitting workers leave the door wide open for hackers
44% of top enterprises have had their employees' passwords stolen and exposed on the internet. This is a huge liability for these companies, exposing them to a whole host of potential cyber-threats. The culprit in most cases is the reuse of corporate credentials to log in to internet sites that have poor security practices for storing IDs and passwords.
Read more about this threat in the CNBC article which discusses a study that reveals some compelling findings.
BYOD risk: a fool with a smartphone is still a fool
The BYOD trend continues to grow at an astounding rate, and IT professionals surveyed believe that mobile devices in the hands of careless employees pose the greatest security threat. 98% of the respondents expressed concern about mobile security, with the average mobile security incident costing more than $250,000. The major concern that these professionals cite is lost or stolen devices.
And perhaps the hardest to address, but often overlooked: the insider with malicious intent. According to a recent Forrester Research report titled "Understand the State of Data Security and Privacy," 25 percent of survey respondents said that abuse by a malicious insider was the most common way in which a breach occurred in the past year at their company.
There are many practical steps you can take to limit the threat from within your own organization. Education programs can be very effective. For more information on Workforce Identity and Access Management solutions, visit our page on pingidentity.com.