If you're a business leader, you've heard, read or thought about it more than you probably want to: the ceaseless war to protect your company's network and data from a hacker underworld that's increasingly sophisticated and ambitious.
Major breaches are a PR nightmare that no company wants to experience. Recall when ride-sharing giant Uber belatedly announced it had suffered a breach that exposed the personal information of 57 million people. Of those affected, 25 million lived in the United States, and more than 4 million were Uber drivers. In this case, the hacker agreed to destroy the data in exchange for a "bug bounty" payment from Uber, which was far less than the cost of the damage to the brand when details surrounding its mishandling of the breach were revealed.
If the hacker had more malicious intentions than monetary gain, there's no telling how bad it might have been for Uber. Most companies that suffer such breaches aren't as lucky.
When hackers hold data for ransom, their threats are usually for real. Just ask victims of the WannaCry virus or Sony hacks, which forced several major companies to lose time, money, credibility and irreplaceable data when they refused to give in to the hackers.
Businesses today must understand how hackers operate and stay on top of the ever-evolving threats in our digital world.
3 security vectors you may not have considered
Security breaches often occur where we least expect them, and many areas still fly under the radar. Here are three lesser-known attack vectors and ways to mitigate the risk they pose to your company.
1. Lock down your office printers and secure your documents.
You might not consider your office printers a serious security threat, but several recent incidents have called attention to the fact that modern printers are more than just paper pushers. They're sophisticated network computers, which means they deserve the same levels of security attention and protection as servers and employee workstations.
To lock down your office printers, start by implementing firewalls and using strong passwords. When manufacturers push updates to cover new security risks, download them quickly. Stay current with industry best practices, and make sure your printers are included in your organization's security policy and procedures.
It's also critical that you deploy secure pull-printing technology: This allows employees to submit their print jobs to a single secure queue and use their access cards or login credentials to release (pull) their documents from any printer on the network. This simple workflow prevents unauthorized access to sensitive documents and provides the added benefit of reducing waste and resource costs.
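The hold-and-release workflow described above, sketched as an added Python example (not code from the original article or from any print vendor's product). The class and method names, the badge directory and the eight-hour expiry for unclaimed jobs are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass

HOLD_SECONDS = 8 * 3600  # assumed retention window for unreleased jobs


@dataclass
class HeldJob:
    job_id: str
    owner: str
    document: bytes
    submitted_at: float


class PullPrintQueue:
    """Single hold queue: nothing prints until its owner authenticates at a device."""

    def __init__(self, badge_directory, clock=time.time):
        self._badges = badge_directory  # badge id -> username
        self._jobs = {}
        self._clock = clock
        self.audit = []  # (time, event, user, printer, job_id)

    def submit(self, owner, document):
        job = HeldJob(secrets.token_hex(8), owner, document, self._clock())
        self._jobs[job.job_id] = job
        self._log("held", owner, None, job.job_id)
        return job.job_id

    def release(self, badge_id, printer):
        """Return only the documents owned by the authenticated badge holder."""
        user = self._badges.get(badge_id)
        if user is None:  # unknown badge: release nothing, but record the attempt
            self._log("denied", None, printer, None)
            return []
        cutoff = self._clock() - HOLD_SECONDS
        released = []
        for job in list(self._jobs.values()):
            if job.submitted_at < cutoff:  # abandoned job: purge instead of printing
                del self._jobs[job.job_id]
                self._log("expired", job.owner, None, job.job_id)
            elif job.owner == user:
                del self._jobs[job.job_id]
                self._log("released", user, printer, job.job_id)
                released.append(job.document)
        return released

    def _log(self, event, user, printer, job_id):
        self.audit.append((self._clock(), event, user, printer, job_id))
```

The audit list records who released which job at which printer, along with denied badge attempts, which is the trail a security team would review after a suspected document leak.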
2. Protect employee devices.
The BYOD (bring your own device) trend is still going strong, as companies small and large let employees use their personal smartphones for work. And according to Gallup, the share of remote workers has grown from 39 percent to 43 percent in just four years. While many of these people claim that using their own devices makes them more efficient, the added security risks should not be overlooked.
When everyone is operating a unique device connected to the company network, the opportunities for hackers multiply. One hacked personal account can lead attackers into other accounts, which might store sensitive company information. Then there's the added risk of offsite theft: If a smartphone is stolen, the thief could obtain your intellectual property or financial information and publish or try to sell it.
To help stop thieves and hackers from turning personal invasions into company crises, you can use one of many firewall-as-a-service offerings. These cloud services work from anywhere, freeing employees to use their smartphones while reducing risk and giving employers peace of mind. The technology prevents thieves from accessing protected data and gives companies greater control of their networks.
3. Beware of social engineering.
Hackers don't always have to be elite programmers – not when employees inadvertently tell them what they need to know.
Social hackers, for example, use social media profiles to gather information on their targets, then pretend to be their victims so employees reveal sensitive information. WHMCS, an online company that stores credit card data, fell victim to this scheme when members of a hacker group stalked a database administrator online and later called in for a password reset. Because the administrator's social media profile had revealed answers to his security questions – hometown, important dates, family names – the group was able to impersonate him, gain access to the network, download over a gigabyte of credit card numbers, and wipe the company's databases clean.
Encourage employees to always use strong passwords, and educate them about the increasing use of fake social media accounts among identity thieves. Regular employee training will create a culture of informed vigilance and help protect your company from social engineering threats.
Two-factor authentication is another best practice to follow. Secure passwords aren't enough these days; adding a second factor – such as biometrics (thumbprint or facial recognition) or code verification via text message – provides an important extra layer of security. Many people consider additional authentication methods a nuisance (only 10 percent of Gmail accounts use two-factor authentication, for example), which again points to the critical role of employee education. A vigilant workforce might be the single best defense against hackers.
The next big data breach is always lurking around the corner, but businesses don't have to live in fear of losing critical data. By including these and other threats in a comprehensive security program, you'll have done more than many companies do to secure your network and data.