The Biggest Risk to Your Company’s Network Security
The biggest risk to your company’s network security is also your company’s greatest asset: your employees. There are many ways an employee can compromise your company’s network security, often without even knowing he or she has done so. One of the most common ways of doing this is by opening an email. Email phishing and spear-phishing are usually the first lines of attack for hackers and often the most overlooked in a company’s security policy.
Phishing is the method of sending out mass emails to random users, enticing them to click on a link or download an attachment that then spreads malware or a virus to the user’s system and, through their system, to the entire network. Spear-phishing is almost the same thing as phishing, except that spear-phishing targets particular companies and uses company information (such as executives’ email addresses) to make the receiving party believe the correspondence is coming from a trusted source.
Another way employees might compromise network security is by surfing on dubious sites, such as torrent software sites or gaming sites. Some sites run scripts that can automatically download and install malware without the user being aware of it. Sometimes this comes in the guise of a “necessary device driver” or a message stating “your current video software is out of date, please install this update”. Many employees are quite ready to install whatever software is necessary to access their favorite site or to watch a video, not realizing that by doing so they are compromising the network’s security and putting their company at risk of an outside attack or theft by malware.
One more way an employee may inadvertently spread a virus or malware to their company’s network is by taking their work home with them and then downloading and uploading from an off-network computer (their home PC) that is infected. When they get back to work and upload their files to the network computer, the malware will also be uploaded and the network is thereby compromised.
How You Can Minimize These Risks
One of the best ways to minimize your risk of a network security breach is by educating your employees about these risks and demanding hyper-vigilance from them. Instruct your employees on the dangers inherent in opening email from unknown sources and especially in downloading and/or running attachments. Put into place a policy outlining which websites employees are allowed to surf and which websites employees should not be using. There are also many different network security suites that have the option to block certain types of websites so that your employees will not be able to access them unless given explicit permission.
It should go without saying, but you should be sure to have antivirus programs on all computers in your company, and each one should have scheduled scans (for thorough scanning) as well as real-time monitoring. The antivirus program should also have an option to scan the entire network and the point of origin to detect and eliminate any threats before they even get to the end user’s computer.
You should create a policy that requires users to change their passwords often, as a preventive measure. This simple step is often overlooked, but networks are often hacked through old passwords, even those used a year or more ago. Sometimes employees will use the same password on their business computer as they use on social media sites and other personal sites. This should be highly discouraged, as many of these sites are also vulnerable to security breaches, and many hackers are aware that users may use the same passwords on their business computers, thus opening up a huge hole in your network security.
With the proper network security in place, with your employees educated and informed about the different forms of breaches, and with policies set up for surfing the internet, using off-network computers and such, you should be able to get in front of any possible attack before it happens. It takes the whole team to keep your company secure, but with due vigilance and determination, your network can survive and thrive in this age of increased malware attacks.