Information technology risks range from the very apparent to the silent and hidden. The majority of businesses mitigate the most obvious risks: only an irresponsible IT operation will do without network firewalls in place or skip on regularly updating operating systems and software. Yet it is the less obvious risks which can trip up even carefully run IT functions – and which can cause progressive or indeed sudden harm to your business.
Electronic devices are increasingly connected to the internet and the advancements pledged by the so-called Internet of Things are promising. The pace of growth is staggering – IHS forecasts that the base of installed IoT devices will grow from 15.4 billion devices in 2015 to a 2020 total of 30.7 billion devices, reaching 75.4 billion in 2025. Unsurprisingly, the security risks are growing at an equal pace: businesses face increased exposure to breaches and attacks on account of the multiplying number of connected devices.
The core risk presented by IoT devices is a combination of the device count, and the fact that individual devices can be seen as unimportant. A single security camera is not a critical device, but it can act as a point of entry to your entire network if it is vulnerable. Default credentials on printers and scanners are rarely changed and can undermine even the strongest company-wide password protocol. In the IoT arena, every device should be managed as vigilantly as you would your most crucial applications or servers.
Staff often prefer to use their own devices to interact with company systems, and employers favour not placing too many restrictions in this respect as it can mean that staff are available outside of office hours. Yet bring your own device (or BYOD) poses some of the same IT management issues as IoT: staff devices are not seen as core to the IT environment and often IT management is not even aware of their use because staff simply won’t ask for permission first.
Stopping staff from using their own devices is usually not an option, but your systems policies can tighten up security. Mobile device management policies can force users to implement PINs on their phones (not everyone does) while ensuring that you’re able to erase company data once account privileges are suspended. Ensure encryption layers are enabled everywhere – this will prevent snooping across commonly used public Wi-Fi networks.
Your service providers
No IT operation is an island, with every business making use of third party suppliers to some degree. The issue is exacerbated by the growing reliance on cloud services: the risks your service providers are exposed to are also the risks you are exposed to. Check Point’s 2017 Cyber Security Survey shows that 81% of respondents are concerned about the risks of making use of the public cloud, but avoiding cloud services is hardly realistic.
Instead, vet your service providers thoroughly. Just as you would question and investigate any company you use for IT support London based businesses should only sign up to cloud providers which are trusted and which can offer assurances that their internal procedures are safe and secure. Importantly, regularly review your service providers. Circumstances and reputations can change over time – you cannot assume that a trusted supplier will not pose risks at some point in the future.
Personnel changes are common in the IT environment, and it often leaves behind user accounts and privileges which are no longer used. Left to fester, the associated passwords grow stale and won’t keep up with your latest password policies. These ghost accounts are unnecessary: the access is no longer required and should be terminated, but this is not always done systematically. Leaving redundant privileges in place is akin to leaving the back door open.
The 2016 CyberArk survey suggests 55% of respondents have improved the management of privileged accounts, but meticulous management of user accounts is still not universal. Extensive use of outsourced service providers and onsite support adds to the problem, as each new contractor requires privileged access on some level. Make sure to record any user accounts you create in sufficient detail, and tidy up after the fact. If possible, implement auditing procedures that regularly verify that privileges are kept to a minimum.
Professional IT departments are good at focusing on issues surrounding service uptime and security, but compliance topics – especially those not directly affecting IT operations – are not always front and centre. Compliance is a complex issue and involves an interplay of factors across different business departments. Ignoring compliance as a core IT issue places individual employees and your business at risk.Bring your technology workers into wider discussions about compliance and seek the help of IT companies in London in an auditing and advisory role as it can be difficult to stay on top of an ever-changing regulatory landscape. The costs of non-compliance can creep up with time, and flaunting the rules over a long period can make it very difficult to return to a compliant state.
Reduce Cyber-Security Risks With Cyber-Security Training
Protecting your business starts in ensuring your employees are knowledgeable and prepared in safeguarding your networks and computers. If your users know how to manage their online presence, they will be more secure and so is your business. Start investing in cyber-security by training your staff for as low as £29.99 per user per year with Cybsafe.
Cybsafe is a market-leading software that helps organisations to take an intelligent approach to cyber and information security awareness. Each user will get certificate after successfully completing a training. For more information, please visit their website.
Managing hidden IT risks
Information technology risks should be at the centre of management thinking. An approach which is driven purely by the IT department and technology workers can leave holes and gaps in your company’s risk profile which can be costly in the long run. Depending on your ability to staff a technology operation – or your willingness to indeed run your own IT operations – you should consider hiring a managed services company which can provide onsite support and advice in security and compliance.
Threats to IT security is an everyday reality for every business, to the extent that the England and Wales annual national crime survey now includes questions on cybercrime to try and establish the scale of the problem. Not surprisingly, the survey points to millions of incidents of computer misuse. For businesses to protect themselves and their customers they will need to not only manage the most obvious risks, but also act to cover creeping, hidden risks which can post a threat in the future.