Thursday, December 12, 2019

What IT Won't Tell You About Workplace Security

From elections being hacked to a rogue ransomware that managed to infect hundreds of thousands of computers across 150 countries in a matter of days, it's hard to tune into the news these days without hearing about some form of hacking or security issue.

As we come to rely on the internet for more - for commerce, politics, and social activities - you can be assured that the bad guys will keep getting more sophisticated in their attempts to compromise your security. Not that things aren't bad already - they are (as we revealed on TheBestVPN, there were 4,100 security breaches, resulting in 4.2 billion stolen and exposed personal records, in 2016 alone).

Unfortunately, the role employees play in facilitating these security issues is not small - the renowned eBay hack, in which hackers stole the data of 145 million eBay users, was the result of three key eBay employees being compromised, and the recent WannaCry malware that is spreading in unprecedented proportions started with just one person on a network opening the wrong attachment, which then automatically spreads to all computers on a network.

IT would really love for you to play a more active role in security. They really want you to know these facts, but they don't know how to tell you:

1. Even With Your Antivirus and a Secure Password Manager, You Can Still be Hacked

To the average web user, once you have a very reliable antivirus application and a good password manager, nothing could go wrong. After all, the antivirus automatically screens everything that goes through your computer, and the password manager automatically generates passwords - using a combination of strange characters - that you couldn't have imagined in a million years. IT would really like you to know that this does not make your security sacrosanct. In fact, the way things are set up today, most malware and exploits are delivered through the web and email, and your firewall already allows these two mediums (otherwise you won't really be able to use the internet).

Experts have also found that most password managers are not as secure as many would expect them to be. In fact, the team at TeamSIK analyzed all of the top password managers and came to the following conclusion: "The overall results were extremely worrying and revealed that password manager applications, despite their claims, do not provide enough protection mechanisms for the stored passwords and credentials. Instead, they abuse the users' confidence and expose them to high risks."

This doesn't mean you shouldn't use an antivirus and a password manager. You should, because not using them could be much more dangerous. However, you should use them alongside other security measures.

2. It Sucks to Update Your Device, but It's One of the Most Effective Forms of Protection Against Being Hacked

The most recent ransomware making the rounds now is WannaCry, a ransomware that took down hundreds of thousands of computers in 150 countries in a matter of days. The ransomware works by searching for and encrypting 176 different file types and asking users to pay $300 to have their files decrypted. If payment isn't made within three days, the amount requested will be doubled. If payment is not made within seven days, the files will be deleted.

What's interesting about WannaCry and many other types of ransomware is how they spread: WannaCry spreads by exploiting a critical vulnerability in Windows computers; it then uses this vulnerability to spread across computers on the same network - in other words, you're likely to be infected once a computer on your organization's network is infected.

The interesting fact about WannaCry, as well as most other forms of malware, is that they usually target weak and vulnerable computers, and they are most effective if you haven't updated your computer in a long time. Microsoft already released a fix to the vulnerability the WannaCry ransomware exploited two months before the ransomware came out, yet hundreds of thousands of people were affected because they hadn't updated their computers.

IT wants you to know that as much as you hate to update your computer, it will really save you and them a lot of worries and money.

3. Backups are Boring, Yes, But You Can't Live Without Them

The biggest threat to any organization is data loss, and IT just can't emphasize this enough to you. When you really think about it, the majority of the exploits and ransomware making the rounds these days are all doing the same thing: withholding your data and threatening to delete it if you do not meet their demands.

Now, it would be interesting to realize that it doesn't necessarily take a hacker to destroy your data: hard drives naturally fail, and data loss occasionally occurs naturally. In fact, research shows that hard drive crashes and hardware problems are responsible for 66 percent of data loss - in essence, your hard drive is more likely to crash than you are to be hacked. Even Google is not immune: the 2015 natural disaster, in which lightning struck one of Google's data centers in Belgium and wiped data from some of its disks - resulting in permanent loss of some data - quickly comes to mind.

If you don't back up already, IT can't wait to tell you just how important it is to back up. More importantly, they can't wait to tell you how essential it is to back up to more than one source.

4. Bringing Your Own Device is Not As Safe as You Think it Is

IT really doesn't want to infringe on your freedom or restrict you, but bringing your own device isn't exactly as safe as you'd imagine. Going back to the point we looked at earlier on about how antiviruses and password managers are not enough for securing your computer, bringing your own devices (BYOD) automatically increases the security risks of your employer.

Research shows that in organizations that have a BYOD policy, 80 percent of BYOD is completely unmanaged, and 77 percent of employees do not know the risks that come with using their own devices in the workplace. If your workplace has a good security team, your personal devices are not nearly as safe as the company's device. If you bring your own device, take more active measures to ensure your device is safe - better yet, reach out to someone in IT to know what you should know about accessing the company network with your device.

John Mason is a tech and internet security expert as well as partner at TheBestVPN.com, a leading portal that shares information on VPNs and online security.
