We’ve written previously about endpoints; what they are and how to protect them. What, though are the most common internal threats businesses face to their overall cybersecurity. Here at Nutbourne, we offer comprehensive endpoint security in London. We wanted to talk you through some of the most common internal vulnerabilities exploited upon by cyber criminals.
Cyber-attacks are getting so common and widespread that some large firms are even turning to ‘ethical hacks’, that is, getting ‘hackers-turned-good’ to hack them and point out where weaknesses are. That’s a pretty drastic step, though, so look to securing against these vulnerabilities before you consider that!
Unpatched and out-of-date software is another major issue faced by businesses today. Companies running outdated operating systems run the risk of being infected with malware. Outdated software presents something of an open door to cybercriminals; interestingly, it’s just as often unpatched applications as opposed to outdated operating systems that are the worst culprits in exposing an organisation’s network.
A survey by the highly-regarded Ponemon Institute found that almost 60% of cyberattack victims surveyed could’ve had their attacks prevented had they patched their outdated software. What’s more alarming, though, is that that same survey found that almost 35% of those respondents had already been aware of the vulnerability, and failed to do anything about it.
Unsecured USB Devices
Although used less frequently these days, what with the proliferation of cloud-based services, unsecured USB devices still represent a significant threat to organisations of all sizes. Data can easily be compromised through misplacing a USB device. This can in turn lead to serious compliance issues, too. In 2017 at Heathrow airport, for instance, an unencrypted USB containing sensitive information of staff members was misplaced. This led to the airport being levied with a hefty £120,000 fine by the Information Commissioner’s Office (ICO).
With the increase in BYOD (Bring Your Own Device) policies over the past few years – but over the pandemic year, especially – this has brought companies and employees alike a much greater degree of flexibility. The more devices you bring under the umbrella of your network, the harder it is to keep ‘tabs’ on them. Strict company policy regarding bringing employee devices into the network can ensure they’re kept as safe as possible.
You’d think by now, given the constant barrage of cyber-attack horror stories we’re met with – seemingly daily – that people would’ve wizened up to the very real dangers that cybercriminals pose. Still though, however, there are those who adopt a somewhat laissez-faire attitude towards cyber threats. Whilst it might be easier to be lax about these problems and pretend they don’t exist, this is inviting trouble.
The idea of cyber ‘hygiene’ or ‘netiquette’ has been around for a while now, but it’s worth doubling down on. Invest in cybersecurity training courses for your employees and stress to them the importance of paying proper care and attention to their digital behaviour. If you can instil just enough more caution in them to make them think twice before clicking a suspect email attachment, then that’s an improvement. When it comes to improving your company’s overall endpoint security, your employees can’t be forgotten about!
Enforce Stronger Password Policies
Unquestionably, one of the biggest vulnerabilities to businesses is easily-cracked passwords. Just as outdated applications and software present cybercriminals with an open goal, so to speak, so too do weak passwords. As a rule, passwords should be a minimum of eight characters long, should avoid using personal information of any sort and be different from other passwords.
Alphanumeric passwords are also a must; random combinations of letters, numbers and symbols are much harder to guess than actual words or common phrases. In relation to endpoint security, much of it revolves around not giving would-be criminals a leg up or a head start. If you can avoid dangling any low-hanging fruit, as it were, they’re far less likely to target you.
So, if you’d like to find out more about our endpoint security in London, then get in touch! Contact Nutbourne today on +44 (0) 203 7273 or by filling out one of our online enquiry forms. Alternatively, you can message us via Live Chat and one of our team will be there to help you!