Guest Column | October 20, 2016

Preventative Network Security Measures Your Customers Often Neglect

By Carol Evenson, business consultant

The old saying goes, “An ounce of prevention is worth a pound of cure,” and that’s particularly true when talking about digital security. If you work in the tech industry, security practices have no doubt become second nature to you. Your customers, on the other hand, may not be so savvy.

There’s a good chance many of your customers are letting some of the simplest security practices slide, a mistake that could come back to haunt them — and you — later on. After all, who do you think they’ll blame when their network comes crashing down due to a DDoS attack or their secure data is leaked? Even if the breach had nothing to do with your product, some customers are always looking for someone else to blame. Since you deal in technology, it might as well be you, and that’s a headache no one wants to deal with.

Whether you have worked with your customers for years or are just starting up your business relationship, it might be a good idea to check in on them to make sure they are following these preventative security practices.

  1. Fully Deprovision Users When They Leave The Company
    When an employee leaves the company, one of the first things that should be done is to remove all their access to company software and data. This includes access to email (as well as reviewing forwarding settings in their account), business process management software (BPMS), access to shared documents, and any other permissions they may have.

  2. Restrict Access For Personal Mobile Devices
    According to a Ponemon Research study, 46 percent of companies studied did not have a policy governing acceptable use of personally owned mobile devices on their network, and an additional 6 percent were unsure whether they had such a policy. This becomes a problem when employees access sensitive data on an unsecured phone, exposing that data to potential attacks. Each year, 70 million smartphones are lost, and only 7 percent of those are recovered.

If banning personal devices entirely is unfeasible, companies should create and enforce a robust policy regarding mobile devices and the necessary precautions employees must take regarding what information can and cannot be accessed over the network. Mobile devices should also have appropriate malware protection installed to prevent a mobile device from becoming an access point for cybercriminals to break into the network.
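The deprovisioning review in item 1 is easy to describe and easy to get wrong in practice, because access is scattered across several systems and a mail-forwarding rule survives even after a mailbox is disabled. The following audit script is an added example, not code from the column or its author: it compares an HR list of departed employees against a per-system account inventory and reports every lingering account, permission or forwarding rule. The data structures, the sample users and the `example.com` domain are all constructed for illustration; in a real environment the inventory would come from each system's admin API or export.

```python
"""Offboarding gap audit (constructed example, not the column's own code).

Given an HR map of departed users -> last working day and an inventory of
per-system accounts, list every access right that still exists for someone
who has already left. Forwarding rules are reported separately, with
external destinations called out, because a disabled mailbox can still
leak company mail through a forward nobody reviewed.
"""
from dataclasses import dataclass, field
from datetime import date

COMPANY_DOMAIN = "example.com"  # assumed domain for the constructed sample data


@dataclass
class Account:
    system: str                 # e.g. "email", "bpms", "shared-drive"
    user: str
    enabled: bool
    permissions: list = field(default_factory=list)
    forwarding_to: list = field(default_factory=list)   # email systems only


def is_external(address):
    """True if the address is outside the company's own mail domain."""
    return not address.lower().endswith("@" + COMPANY_DOMAIN)


def find_deprovisioning_gaps(departed, accounts, today):
    """Return {user: [finding, ...]} for departed users who still hold access.

    Users whose last day is in the future are skipped; they are still staff.
    A user with no findings is fully deprovisioned and does not appear.
    """
    gaps = {}
    for user, last_day in departed.items():
        if last_day > today:
            continue
        findings = []
        for acct in accounts:
            if acct.user != user:
                continue
            if acct.enabled:
                findings.append(f"{acct.system}: account still enabled")
            if acct.permissions:
                findings.append(f"{acct.system}: retains {', '.join(acct.permissions)}")
            for addr in acct.forwarding_to:
                kind = "external" if is_external(addr) else "internal"
                findings.append(f"{acct.system}: forwards mail to {kind} address {addr}")
        if findings:
            gaps[user] = findings
    return gaps


# Constructed sample: one partly deprovisioned leaver, one clean leaver,
# and one employee whose departure is still in the future.
SAMPLE_DEPARTED = {
    "jdoe": date(2016, 9, 30),
    "bwong": date(2016, 8, 1),
    "asmith": date(2017, 1, 15),
}
SAMPLE_ACCOUNTS = [
    Account("email", "jdoe", enabled=False, forwarding_to=["jdoe.home@mailhost.example"]),
    Account("bpms", "jdoe", enabled=True, permissions=["approve-invoices"]),
    Account("shared-drive", "jdoe", enabled=True, permissions=["finance/ (read)"]),
    Account("email", "bwong", enabled=False),
    Account("bpms", "bwong", enabled=False),
    Account("email", "asmith", enabled=True, forwarding_to=["asmith@example.com"]),
]


def audit_sample():
    """Run the audit over the constructed data as of the column's date."""
    return find_deprovisioning_gaps(SAMPLE_DEPARTED, SAMPLE_ACCOUNTS, date(2016, 10, 20))


if __name__ == "__main__":
    for user, findings in audit_sample().items():
        print(user)
        for line in findings:
            print("  -", line)
```

Running the audit on a schedule, rather than once at offboarding time, catches the cases the column warns about: the BPMS approval right nobody remembered to revoke, and the forward to a personal mailbox that keeps working after the account itself is disabled.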

  3. Set A Limit For Login Attempts
    Requiring a password is one of the first security steps most companies do take. If they allow unlimited login attempts, however, they leave themselves open to brute-force attacks. Setting a limit, usually between 3 and 5 unsuccessful attempts, is a simple countermeasure that can do a lot to protect company data.

Companies can set a variety of consequences once this threshold has been crossed, from blocking the user’s IP address (whether temporarily or permanently) to forcing the user to wait a preset time before attempting again, to forcing a password reset. It’s up to the company to decide where the balance lies between security and the level of inconvenience to the user.
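The two paragraphs above describe the policy; the code below is an added example, not the column's own, of how the mechanism is commonly implemented on the server side. It tracks failed attempts per account, locks the account for a cool-down that doubles with each lockout, and escalates to a forced password reset after a set number of lockouts, so all three consequences mentioned above appear in one state machine. The threshold of 5, the 60-second base lockout and the 3-lockout escalation point are illustrative defaults chosen for this example, and the `check_password` callable and sample users are constructed stand-ins; keying the same logic on the client's source address instead of the username gives the IP-blocking variant.

```python
"""Login-attempt limiter (constructed example, not the column's own code).

Per-account state: failures since the last success, number of lockouts,
when the current lockout ends, and whether a password reset is required.
While an account is locked the supplied password is not even evaluated,
so a guesser learns nothing during the cool-down.
"""
import hmac
from dataclasses import dataclass
from typing import Dict

MAX_ATTEMPTS = 5            # failed tries before lockout (the column suggests 3 to 5)
BASE_LOCKOUT_SECONDS = 60   # first cool-down; doubles with each further lockout
RESET_AFTER_LOCKOUTS = 3    # lockouts before a password reset is forced


@dataclass
class AccountState:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0
    reset_required: bool = False


class LoginLimiter:
    def __init__(self, check_password):
        # check_password(user, password) -> bool is supplied by the caller;
        # here it is an assumed hook, not a real library API.
        self._check = check_password
        self._state: Dict[str, AccountState] = {}

    def attempt(self, user, password, now):
        """Return 'ok', 'denied', 'locked' or 'reset_required'."""
        st = self._state.setdefault(user, AccountState())
        if st.reset_required:
            return "reset_required"
        if now < st.locked_until:
            return "locked"             # cool-down still running; password ignored
        if self._check(user, password):
            st.failures = 0             # a success clears the failure counter
            return "ok"
        st.failures += 1
        if st.failures < MAX_ATTEMPTS:
            return "denied"
        # Threshold crossed: start a lockout, or escalate to a forced reset.
        st.failures = 0
        st.lockouts += 1
        if st.lockouts >= RESET_AFTER_LOCKOUTS:
            st.reset_required = True
            return "reset_required"
        st.locked_until = now + BASE_LOCKOUT_SECONDS * 2 ** (st.lockouts - 1)
        return "locked"

    def complete_password_reset(self, user):
        """Called by the reset flow once the user has chosen a new password."""
        self._state[user] = AccountState()


def _make_limiter(users):
    # Constant-time comparison of the constructed plaintext sample passwords;
    # a real system would compare password hashes instead.
    return LoginLimiter(lambda u, p: hmac.compare_digest(users.get(u, ""), p))


def demo():
    """Five wrong guesses, then the right password during and after the lockout."""
    limiter = _make_limiter({"alice": "correct horse"})
    results = [limiter.attempt("alice", f"wrong{i}", float(i)) for i in range(MAX_ATTEMPTS)]
    results.append(limiter.attempt("alice", "correct horse", float(MAX_ATTEMPTS)))
    results.append(limiter.attempt("alice", "correct horse", float(MAX_ATTEMPTS + BASE_LOCKOUT_SECONDS)))
    return results   # four 'denied', then 'locked', 'locked', 'ok'


def demo_escalation():
    """Repeated bursts of guessing, waiting out each cool-down, until a reset is forced."""
    limiter = _make_limiter({"bob": "pw"})
    now, outcome = 0.0, None
    for _ in range(RESET_AFTER_LOCKOUTS):
        for _ in range(MAX_ATTEMPTS):
            outcome = limiter.attempt("bob", "nope", now)
            now += 1
        now += 10_000   # skip past any cool-down before the next burst
    return outcome      # 'reset_required'


if __name__ == "__main__":
    print(demo())
    print(demo_escalation())
```

The doubling cool-down is where the security-versus-convenience balance the column mentions gets decided: a legitimate user who mistypes five times waits a minute, while a sustained guessing campaign is slowed to a crawl and, after a few cycles, has no password left to guess until the owner resets it.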

  4. Use Up-To-Date Malware Protection
    Many customers will install malware protection and then let their protection plans expire, thinking that once the program is installed, they are safe. They discount the fact that malware is constantly evolving, with 200,000 or more new malware samples appearing every day, according to Blue Coat. Your customers should keep their malware protection systems up to date to prevent these new threats from sneaking past and gaining access to their most sensitive data.

Carol Evenson is a business consultant specializing in data security and information systems. She has worked alongside Fortune 1000 companies and currently works with corporations within the US and UK.