Top 5 Security Concerns for 2021
INTERNAL CONTROL FAILURES
Issue: Businesses build policies and procedures to minimize risk and ensure high-quality products and services. When an issue arises, most of the time it is related to a control failure: someone not following policies and procedures.
Solution: Regularly audit your internal controls – annually, quarterly, monthly, or weekly. People follow policies and procedures when they know someone is watching. Just because you have documented policies and procedures does not mean they are being followed.
Issue: Behind people, computer hardware and software are probably the most valuable assets businesses rely on. Vendors are constantly releasing updates to enhance, but also to protect, these solutions. Missing even one security update leaves your organization vulnerable to attack. At a minimum, an attack affects one computer or person; if pervasive enough, an entire server and all of a company’s data can be rendered inaccessible for weeks. Both incidents have a financial impact on the company.
Solution: Real-time scanning of the network for vulnerabilities or unusual activity can prevent this. Regularly patching and updating software is essential. There are many solutions to help identify holes in your environment. Ensuring these holes get plugged in a timely manner is extremely important.
Issue: There has been a rush to move software to the cloud or 3rd party providers. What happens when that vendor has a failure? Certificate issues on the vendor’s end can cause hours of disruption. 3rd parties are not immune to the same security risks every business has, including crypto-locker or DDoS attacks. In fact, they are likely to be bigger targets, as the attackers can affect more people.
Solution: Having a robust vendor management program is critical. Constantly audit vendors and ensure they are employing strong security practices internally. It is easy to say you are outsourcing risk to a 3rd party. In the end, it is your business which suffers for their failures.
Issue: Covid-19 has pushed all businesses to expand their remote access, either by granting employees more remote access to the corporate network or by quickly adopting cloud solutions. Ensuring users have access to the information they need from anywhere has become essential. Businesses also need to keep their information out of the hands of competitors and unauthorized users. The last thing anyone wants is all employee names and social security numbers showing up in a Google search.
Solution: Thoughtful architecture of a business’s systems, resources and information is necessary. Ensuring businesses are using business-quality solutions rather than consumer-grade solutions is critical. Losing a company’s critical data can be catastrophic. You need to consider redundancy, availability and security. If there is a failure, what is the recovery plan?
Issue: End users have been, and continue to be, a significant security challenge. End users are targets of phishing campaigns; they unintentionally click on links they think are safe; they forget passwords and circumvent security procedures to make their computing lives easier.
Solution: It is the responsibility of IT and security professionals to educate end users. Teach them why we ask them to use the software we approve. Teach them how to identify suspicious emails. Employ multiple levels of security to thwart phishing. We also need to make computing easy for them. Users will do what we want if we make it easy for them.
There are many other security issues IT and security professionals must deal with. If you need assistance in dealing with your security challenges, contact us to discuss how we can help.