Every year, millions of dollars are lost to cyber-related incidents. Cybersecurity has been put at the forefront of the conversation, and companies are trying to protect themselves the best they can. But there are some simple things that companies can do to protect themselves. In an article on Dark Reading, Darren McCue says which five IT practices are putting enterprises at risk:
- Using old printers
- Disregarding alerts
- Giving away admin rights
- Ignoring employee apps
- Being unprepared for device loss
Old printers may not seem like a particularly obvious starting point, but printers often have images and documents on them that contain sensitive company material. Keep an eye on printer updates, but if you can’t, make sure they’re on a separate VLAN. Your vendor’s access to the printer may also cause problems, so limit their access as much as possible.
McCue further warns against disregarding alerts:
The average enterprise generates nearly 2.7 billion actions from its security tools per month, according to a recent study from the Cloud Security Alliance (CSA). A tiny fraction of these are actual threats — less than 1 in a 100. What’s more, over 31% of respondents to the CSA study admitted they ignore alerts altogether because they think so many of the alerts are false positives. Too many incoming alerts are creating a general sense of overload for anyone in IT. Cybersecurity practitioners must implement a better means of filtering, prioritizing, and correlating incidents. Executives should have a single platform for collecting data, identifying cyber attacks and tracking the resolution.
Just like you should limit your vendor’s access to the printers, you should also limit the amount of people to whom you give admin-level access. IT executives should gauge how much damage each admin account could have should it be compromised at some point later down the line. Additionally, do not ignore employee applications, in order to keep from intellectual property being lost. Monitor the services people are using and make judgment calls about the risks entailed.
McCue’s final risky IT practice is being unprepared for when devices are lost. Staff who are out and about may lose a company phone or laptop at some point, so make sure there are contingencies in place. Having solid device encryption and having disable features are good ways to prepare.
You can view the original article here: https://www.darkreading.com/perimeter/5-it-practices-that-put-enterprises-at-risk-/a/d-id/1330004