Some of the biggest and best targets hackers choose are company accounts. HR departments of many companies, for example, are often very conservative in their approach to change, making them particularly vulnerable to cyberattacks. They often have the oldest systems with the weakest security.
The following are five of the biggest gaps in company security. Taking measures to close these gaps could go a long way in protecting the precious and sensitive data many of them have.
1. Manual Payroll Systems
In April, hackers struck the city of Tallahassee and got away with half a million dollars in payroll that belonged to city workers. It wasn’t an isolated incident. Hackers have long sought the massive payoff of a payroll breach. The large concentration of cash is a powerful enticement.
The primary vulnerability is manual processing of the payroll accounts, which is often done using spreadsheets and programs like Excel. This security problem is especially prevalent in international payment processing. Even when the accounts are well protected, the manual aspect leaves them vulnerable to the biggest risk of all – the human factor.
Automating payroll is an idea whose time has come. It is cheaper than employing a staff of workers and it keeps data safe from phishing schemes and other ploys that target people’s behavior rather than system security.
2. Sending Sensitive Data by E-Mail
Email has been one of the most useful tools in the history of technology, judging by the sheer number of people who use it daily. It has withstood challenges from numerous other communications tools and remained as strong as ever. Naturally, it is also one of the biggest targets for cybercriminals.
During the recent run-up to Tax Day in America (April 15), cybercriminals took advantage of the deluge of correspondence between tax filers and accounting firms to launch a series of fake corporate accounts that resembled email pages from large companies.
These kinds of attacks will continue as long as companies continue to allow sensitive information to be sent through channels as ubiquitous as email. Again, just as with manual payroll, even if the emails are secure, everyone remains vulnerable to dummy accounts. After all, who has time to check for irregularities on every email they get from a seemingly trusted source?
The solution is to ensure that sensitive material only travels through secure channels that are closed to outsiders, preferably through the cloud. That will help protect against fake accounts and keep important information safe.
3. Keeping Proprietary Information on USB Sticks
The advent of the “disk on key” has made life easier for people who wish to transfer large files between computers or to take files home with them. But the files on USB flash drives rarely have any protection, and if the disk is lost or stolen, there is nothing to prevent other people from gaining access to proprietary material.
That’s why the best defense against this type of security breach is simply to avoid ever putting sensitive information on portable disks. Once the files are lost, there is no way to bring them back or keep them from being spread if people who steal or find them choose to do that.
Be safe. Keep important information only on secure servers accessible only by those who have been approved by the company.
4. Delays in Installing Security Updates
Even a company that is highly conscious of security could fall victim to a hack attack if its IT staff is completely occupied by everyday tasks. Setting up a security system is not a one-time thing, but rather a process that requires ongoing attention.
Even the best security systems send out periodic updates. These are often patches that cover vulnerabilities that have been discovered. If the company is aware of a vulnerability, it is only a matter of time before the hackers find it as well. So it’s vital to install the patch as quickly as possible.
Too often, however, the small IT staff of a medium-sized business is overwhelmed by pressing matters elsewhere and the installations are delayed. That puts the company at risk for the interim period.
5. Leaving Documents Unattended
One of the most common practices that expose business documents to possible security breaches takes place virtually every day at many offices. It consists of leaving private documents unattended at workstations, on open computer screens, and especially at printers.
Most people feel completely safe within the confines of their company. So they leave sensitive documents open on their desks and walk away. Sometimes those documents may be there for hours if the worker has a series of meetings away from his or her desk, or during lunch break. Sometimes, they are left overnight if the project has not been finished.
Companies must combat this practice, as natural as it may be to the workers, by setting strict office policies against leaving documents unattended. There must be a rule that any document has to be put away in a safe place whenever a worker leaves his or her desk. The policy must also extend to the disposal of confidential documents. They must be shredded in order to avoid theft after they have been thrown out and assumed to have been disposed of.