With the recent Equifax security breach, companies are looking at the things that could be contributing to security holes in their business. No one wants to put their customer’s sensitive data at risk. There are a few common things you could be doing, however, that are putting your company at risk.
Careless Admin Access
A user with administrative privileges has the ability to cause a lot of harm. As a Managed IT Support company, we have seen many clients have a cavalier attitude about their administrator password, or even granting administrative privileges to specific users simply because it is easier. Yes, limited accounts can have issues accomplishing specific tasks, but there is a reason for the limitations. Instead of passing out the admin password like candy, grant users specific rights.
When a contractor or software vendor needs access to the system, create them an account with administrative rights (if they require it), instead of handing over the password to the main account. When the vendor has finished their work, you can disable their account easily. When you have to change the admin password it can have several unknown repercussions and is not recommended on a regular basis. When you hand over your
When you hand over your administrator password, imagine you are giving that person the keys to your office. Make sure you are ready to change the locks, just in case something goes sideways. Best practice is to protect your administrative access as much as you would protect your business from failing.
Unprepared for Theft or Loss
Employees store a lot of data about the company on their phone, tablet, laptop and other devices. Are you prepared for the possibility of these devices falling into the wrong hands? There needs to be a system in place for the ability to wipe the device of any sensitive information if it falls into the wrong hands. Many employees complain about the wording that comes with setting up corporate email on their device. It will usually warn of the fact that the company has the ability to delete the data on the device at any time. It can prevent people from setting up access to the company, or they could complain about it. This is absolutely necessary to ensure the safety of sensitive company data. There should also be policies in place to report the loss or theft of a device right away, to make sure the data is wiped before harm can come to the company.
IoT Devices & Printers
There are many devices on your corporate network that have access to the internet and can be a source of a breach. As more devices become internet connected, this threat grows tremendously. Even devices, like printers, that don’t appear to have outward access to the internet can pose a threat. Typically, when you print to the office printer, you are not directly connected to it. The data goes across the internal business network and prints out at the printer. If these devices are not kept up to date, they can open the company up to attacks. The same can be said for IoT devices like smart security systems, smart appliances, and voice assistants. All of these devices should be kept up to date, and examined for potential security risks.
Another way printers can pose a threat to your company data is when it comes time to replace the machine. Printers store images of jobs to make the job faster. Pulling the data from the internal hard drive of a printer can put company data into the wrong hands. A business can only hope that the most recent things you printed are jokes your mom sent you over email.
Keeping your company data safe is extremely important. If you weren’t already concerned, ask the ex-CEO of Equifax how he feels about it.