Four Nightmare Security Fails and How to Avoid Them

When your firm is juggling network security across many devices and settings (smartphones, tablets, office systems), the burden of keeping everything safe becomes overwhelming.

Companies should learn from the mistakes of others. The four major security fails below have contributed to some of the biggest security breaches in history. If you take the proper steps, you won’t have to repeat that history and find your business making the same kind of headlines.

1. Neglecting Your Software

Many companies, even the huge ones, get lazy about applying software patches to their systems.

Hackers know this — and they love it.

According to a March 2015 article in The Guardian, major security fails — such as the massive hacking breach at Target (which will result in Target paying $10 million to its victims, ouch) — could have been prevented very easily, as Hewlett-Packard’s Chief Technology Officer told The Guardian:

According to research from Hewlett-Packard (HP), 40% of successful hacks exploit a vulnerability that is more than two or three years old, where a piece of software exists to fix the problem. Trouble is, according to the chief technology officer of HP’s security division, Richard Archdeacon, companies often fail to download the protection that could save them.

This is exactly what happened to Target. The hackers, according to The Guardian: “piggy-backed an air conditioning company’s systems to get on a Target server that had not been updated or ‘patched’ with the latest up-to-date protection.”

2. No Real-Time Monitoring of Security Breaches

Another major problem? No real-time monitoring.

When businesses fail to set up real-time security monitoring capabilities, they’re leaving themselves exposed.

Cleveland Business, in an article entitled “Firms Can’t Afford to Fail at Cybersecurity,” noted that this was a serious issue: “A top standard of protection today is to have real-time notifications of when a hack or breach has happened, he said. According to a 2014 report by EY, though, fewer than 20% of all businesses surveyed across all industries had that.”

Real-time monitoring can be extremely difficult, however, when those efforts must also include the personal mobile devices of employees. 101 Digital’s Mobile Device Management (MDM) and Bring Your Own Device (BYOD) solve that problem and make real-time monitoring across all devices and platforms a reality.

3. Not Enough Barriers Between Systems

Home Depot’s security breach was even bigger than Target’s. It endangered 56 million credit card accounts. The breach happened in part because the hackers’ malware gained easy entry into the entire Home Depot system once it had penetrated one area.

Ken Munro, a senior partner at Pen Test Partners, while discussing the Home Depot security breach in an interview, said this about creating protective barriers:

“You need to create barriers between systems so malware opening up access to one system for a hacker doesn’t offer them a direct route to another. There are technical ways of doing this, but the simplest thing is to ensure people don’t have access to more than they need to. So don’t allow one person’s user name and password credentials to access more than they need, because it gives a hacker a route through your company. Each system should need a different password…”

It might be a pain to take extra measures, but if you have a dedicated round-the-clock IT company handling these steps, it’s a different story.

4. Adopting a Mindset that Compliance is the Maximum Benchmark

Another systemic problem in network security is, frankly, a lazy do-the-minimum-work-only attitude. This shows in the way that businesses view security compliance, particularly with the Premera Blue Cross security breach, as TechNewsWorld noted:

The recent data breach at Premera Blue Cross — in which the personal information of some 11 million customers was compromised — raises questions about how effective government regulators are at ensuring that healthcare providers adequately protect their patients’ data. Although compliance rules are supposed to set minimum standards for protecting data, many companies treat them as maximum benchmarks.

Compliance gets companies moving in the right direction, but it’s only the beginning.

The Importance of Apple Mobility Certification

When trying to avoid the mistakes above, it’s important to have an IT team that offers 24/7 real-time monitoring and is Apple Mobility Certified, which ensures that your IT support has the highest level of training to maintain your iOS network security across all devices.

(And, by the way, not only is 101 Digital Apple certified, but we are also Microsoft certified.)

To talk more about network security, or any other topic related to computer security and IT support, please contact us.