Welcome to the WEI Tech Exchange Blog

Advice for Managing Common Cybersecurity Risks

Written by Michael Thweatt | Mar 7, 2017 1:45:00 PM

The job of an IT professional is challenging, especially since strengthening cybersecurity is constantly a moving target. With attackers trying new approaches and getting stronger with their tactics every day, protecting an enterprise’s data and information is more crucial than ever before. How can you ensure you’re covering all of your security bases? Start with managing the most common security risks, which are described in this article.

Most Common Cybersecurity Risks

Employees’ Use of Public WiFi

Although it’s convenient, public WiFi is one of the least secure methods of transmitting information around. According to Forbes, “It takes zero hacking skills to surreptitiously monitor and/or hijack communications over a public WiFi network. Widely available freeware makes eavesdropping on emails and web browsing as simple as pressing a button.” To avoid this, consider writing a corporate policy that requires employees to use a Virtual Private Network before using the internet by accessing public WiFi. At the very least, provide regular trainings that let employees know what not to share over public internet.

Physical Transportation of Sensitive Information

With much attention on digital security, employees often forget that physical theft is still a pervasive threat. In 2014, a healthcare system’s unencrypted laptop was stolen from a car. In another instance in 2011, Massachusetts General had to pay a $1 million fine when an employee left patient scheduling information on a subway that included diagnoses and constituted a HIPAA violation (some of the patients were diagnosed with HIV/AIDS). Also in 2011, a data controller commuting on a train left behind an unlocked suitcase that contained sensitive personal information on individuals involved in a court case. The list goes on and on; in 2012, a tabloid received paper documents about security for the London Olympics that a police officer had left on a train. In addition, paper or electronic assets are sometimes left behind on airplanes.

Even external storage devices aren’t immune, especially since they are compact and can be easily transported. According to HealthITSecurity, “No week is complete without a healthcare data breach in which a USB flash drive was either stolen or lost.” Think this can’t happen to your company? Be sure to brief all employees about the proper protocols when transporting company data and make sure they are aware of the risks.

Employees Working from Home

There are several cybersecurity considerations when you have employees working from home, since you can’t be in control of their physical space.

  • Physical Security – In 2006, the U.S. Veteran’s Administration lost the records of more than 26.5 million former service members when the information was stolen from an employee’s residence. If you’re sending sensitive information home with a team member, be sure they have a secure location to store it.
  • Digital Security – As the Avast! blog explains, “For those of us who are self-employed and/or work from home, our houses are sacred spaces on both personal and professional levels. Although often overlooked, our routers hold the key to our productivity, as they provide the powerful and consistent network connection…unfortunately, routers have become the weakest security point in many home and small business networks these days.” Without a strong cybersecurity policy, employees may not realize that they should update router firmware or take other defensive measures to protect against lost or stolen company information.

The Use of External Storage

Highly consider restricting the use of external devices to company-provided devices because according to PC World, “Most USB devices have a fundamental security weakness that can be exploited to infect computers with malware in a way that cannot easily be prevented or detected.” In addition, attackers will sometimes drop USB sticks outside of a targeted business to see if employees will plug the infected stick into their work laptops.

NEXT STEPS: Learn best practices for combatting these enterprise threats in our white paper, Effectively Managing Cybersecurity - Top 5 Smart Moves. Download the paper today.