10 Security Risks Enterprises May Be Overlooking

by Chris Preimesberger


Your Dining Habits

Hackers are becoming increasingly creative in the ways that they infiltrate computer networks. In one case, hackers breached the computer network of an oil company by infecting the online menu of the employees' favorite Chinese restaurant with malware. This type of watering-hole attack reflects the lengths to which an adversary will go to attack a target.


Your Hotel Room

When you travel internationally, competitive rivals may be aware of your trip beforehand and plan accordingly to take advantage while you're on the road. If you are staying at a hotel and leave your laptop unattended in your room while going to the gym, your chances of having your device compromised through the discreet installation of key-logging malware increase exponentially.


Other Risks to International Travelers

Business travelers should always assume that they could be a target, particularly when traveling to known competitive intelligence destinations around the world, such as in Asia and Western Europe. If possible, use devices specifically designated for travel that contain only the data relevant to the purpose of the trip.


The Lost Cell Phone

An effective bring-your-own-device (BYOD) policy increases employee efficiency and can build a happier, more productive workforce. It is crucial to standardize acceptable use policies that cover topics such as local storage of files, connectivity to the network and remote-wipe capability in case of loss.


The Insider Threat

In many cases, data theft within organizations is linked to employees and others with legitimate access to systems, networks and sensitive data. This can be the result of inadvertent behaviors due to human error and a lack of policies, or of a deliberate breach attributed to a malicious insider. From a hiring perspective, comprehensive background checks and due diligence can help reveal a pre-hire's connection to any potential competitive intelligence adversaries.


The Unlocked Server Rack

Physical security should be considered at locations where IT infrastructure and data are stored and created. Alarms and guards may be necessary, but the most effective approach ensures physical security controls are mapped to well-defined and well-enforced policies and procedures.


Third-Party Web Applications

Research indicates that a limited number of exploits in only a handful of widely used third-party applications are responsible for nearly all successful enterprise malware infections on Windows clients. Transitioning away from commonly exploited applications and using less popular alternatives would prevent some exploits, because many of them target the libraries specific to those applications.


Your Cleaning Service

Because external relationships are a reality of modern business operations, a proper analysis of vulnerability should extend to the various vendors, suppliers and other third parties within a company's ecosystem—even the cleaning service. In the case of Target, a company that invested millions in malware detection and endpoint protection, the data breach was the result of stolen credentials belonging to a third-party vendor.


Your Document-Shredding Policy

Many companies don't give file or document disposal a second thought. Employees toss documents in the trash or recycle bin, or delete them from a shared drive, and they think that's the end of it. If a would-be data thief is looking for intellectual property or confidential information, the act of "dumpster diving" can lead to a potential goldmine.


The Unencrypted Email

Although most companies understand the importance of secure file sharing, you'd be surprised by how many still communicate with third parties via unencrypted emails and employ generally poor WiFi practices. Organizations should implement tools that force storage encryption and encrypt data for end-to-end communication. They should also ensure that employees avoid using public WiFi networks.
