Small and midsize businesses are big targets for cyber criminals. IBM estimates SMBs are the target of 62 percent of all cyber-attacks (around 4000 every day). It’s very likely if you haven’t already been a target, you will be soon. Recovering from a cyber-attack isn’t easy – 60 percent of small businesses that fall victim to an attack fold within six months.
Controlling who has access to your data is a key part of staying safe. It’s also the easiest place to slack off in the name of convenience. But not being vigilant about access means you’re leaving yourself open to attack. If you haven’t already, look at how you control access to your network, computers, servers and other equipment.
Here are a few key places to look for weak points in your organization:
- Are unused data ports in wall outlets still active and connected back into the network? Those open data ports are open doorways to instant access to your network.
- Are your servers, switches, and routers in locked rooms with controlled access? Servers, switches, routers and other equipment left open for anyone in the building to access are vulnerable - an attacker merely needs to plug a small USB drive into a server and the entire network is compromised.
- Do you have policies in place to automatically lock screens after a certain amount of time and require a password to log back in? Unattended and unlocked workstations are a huge – and very common – security gap. The authentication to the network has already taken place and now anyone who walks by has access to the machine to steal sensitive data or execute an attack.
- Do you have password policies in place requiring strong and complex passwords? If so, is your password history feature enabled to prevent the same passwords from being recycled? Do you have lockout policies that automatically disable the account after too many failed passwords? A weak password doesn’t take very long to crack. And if a hacker has an unlimited number of tries to crack a password, even a complex password can be cracked.
- Do you leave old, unused computers and hard drives sitting around in the open? Are the hard drives in your workstations encrypted? Hard drives especially are typically small and easy to steal. If they’re not encrypted, you’ve just given someone all the files on there.
- Does everyone have the same level of access to company data regardless of their job? Every single person who has access to sensitive data is a potential weak point. So, the more people who have access to your data, the more places a hacker can potentially get in.
This doesn’t cover everything, but these are the most common areas where we see businesses failing to lock down access. If you have weak points, don’t wait to fix it. The cost of beefing up your security will be significantly lower than the cost of recovering from a data breach.
Want to know other areas where you may have vulnerabilities? Download our cyber security self-assessment to get an idea of how you’re doing with cyber security.