Avoid These Mistakes, Ensure Better Enterprise Security
We have always been stating that for any enterprise, security is not just about solutions and the technical aspects, it includes the human element as well. Every single employee who is part of an enterprise is responsible for the overall infrastructure security and hence there are some common security mistakes that, if avoided, could help enterprises in ensuring better security and also in keeping hackers at bay. Let’s take a look at some of these common enterprise network security-related mistakes, which pave the way for cyber attacks and data breaches:
Carelessness regarding password management
Passwords and password management- an area that many are rather callous about. People commit many silly mistakes pertaining to passwords. They either go for simple passwords that they can easily remember and also opt to use the same password for different services. Regarding the former one, using simple passwords might be convenient; it would make it easy for you to remember the password. A variant of your organization’s name, a date, a number etc would be easy to remember; but don’t forget such things would be easy to crack as well. A clever hacker would guess out such things and after many attempts may succeed in cracking your password. Now, to the latter one, namely using the same password for different accounts. That also makes the job easier for the hacker; just hack one account and all the accounts are open to access. So, the lesson is simple. Don’t ever go for easy, obvious kind of passwords and don’t ever use the same passwords for different services. Moreover, always go for strong passwords, which would ideally be a mix of upper case and lower-case alphabets, numbers, and special characters. Make it a policy to change passwords regularly.
Indifference pertaining to firewall protection
Firewall security, though we sometimes don’t realize it, is of utmost importance to any enterprise. If you either disable the firewall (for convenience’s sake) or end up misconfiguring your firewall, things could take a wrong turn for your network and its security. Never ever compromise on firewall security.
Carelessness regarding network segmentation
Network segmentation, another area that’s of crucial importance when it comes to enterprise security. Network segmentation offers an enterprise better control over access management and handling of data. It gives better control over who accesses which data and also allows set rules to ensure limiting traffic between subnets, thereby limiting exposure to security incidents. So, keep in mind that network segmentation, though it has some issues, is important for your security.
Laxity in checking certain file formats for malware infection
It’s important to keep an eye on certain file formats that come with a malware infection. File formats like .exe, .dll, .vbs, and .docm, along with PDFs, could be containing malware and hence must be handled with utmost care. All such files should be scanned and software that scans such files for malicious content should be used.
Laxity in matters pertaining to email security
Email security is one important aspect of enterprise security. Employees showing laxity in matters pertaining to email security could ultimately end up causing cyber attacks and data breaches to happen. Most cyberattacks today happen via phishing scams and it is email phishing that’s most common today. An employee clicking on a malicious link or downloading and opening a malicious attachment could initiate a phishing attack, which could eventually lead to the whole network being accessed by hackers. So, always show the utmost care regarding email security.
Indifference regarding SMB Signing
Server Message Block (SMB) is the file protocol (most commonly used by Windows), which allows for digitally signing communications at the packet level. This helps in ensuring the authenticity of communication and in identifying their point of origination. It’s always good to turn on SMB signing, for better security.
Using solutions without knowing how it breaks
When you use a solution in a network, you should also know how it breaks. This is because almost all solutions have some or the other backdoor weaknesses and hence, it’s always good to know how solutions break. Thus, you can prevent hackers from compromising networks exploiting such backdoor weaknesses.
Not staying updated, using the wrong tools
There are lots and lots of security tools that promise you “total security” and the like. There are shiny new tools that seem to be guarding you against attacks, but which in actuality they don’t do. Hence, it’s important that you don’t use the wrong tools. Every employee in an organization ought to stay updated regarding the latest development in the field of cybersecurity. This would help in planning how to ensure proper security and also in choosing the best security tools for an enterprise.
The IT department in any enterprise should pay attention to such areas and ensure that the enterprise network is not hacked because of a small mistake committed by an employee. Things like password management, email security, updating all software and operating systems, using the best security tools, training employees etc should be handled by the IT department of an enterprise.
Julia Sowells951 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.