To keep your organisation safe from unauthorised access you take the basic precautions: create strong passwords that are not re-used and are updated frequently, use updated anti-virus software, employ host and network-based intrusion detection and prevention, data encryption, etc.
However, complacency has no place in cyber security. Hackers are working round-the-clock to outwit your most ardent security professionals. Here are a few specific vulnerabilities that require immediate and constant attention to stay safe in a hostile security world.
You may be aware of DDoS, or distributed denial of service attacks. These online attacks, where high-volume traffic floods a system’s servers, making web traffic extremely slow, grew 172% in 2016. But in the last few years, they have skyrocketed. One study found that 42% of companies faced a burst attack in 2017.
For larger companies, network infrastructure usually gets plenty of attention. Proper configuration, maintenance and security are often key considerations due to its importance to the business. But what about smaller entities? Is there a small switch or router you either purchased or leased from your internet service provider? If so, when was the last time you updated it?
If you haven’t changed passwords and updated the software/firmware on these devices then it should be near the top of your priority list.
Obscure sensitive web pages from search engines
Search engines are an easy first step for someone looking to exploit your security systems. They can conduct searches of your known web presence, looking for pages which might not have been meant for the general public but are still accessible.
Passwords on your IoT devices
There are numerous IoT devices used in our daily lives, such as security and video conference cameras, cars, and smart sensors, but also contraptions you probably forgot are now connected to the internet, such as garage doors, appliances, etc.
Data in transit
Encryption of your data at rest – when it is stored somewhere – is incredibly important. However, your encryption efforts should not stop there. Data in transit is just as important to encrypt, particularly sensitive information.
This could include communication between your websites and applications or even just communications within your company.