It's National Cybersecurity Month and we, as a Systems Engineering team, are very conscious about practicing good IT security measures. As such, it's important to remember that protecting confidential data spans from desktops, to the cloud, to mobile devices, and more.
As data moves to the cloud and becomes accessible from anywhere, it’s more important than ever to ensure that both corporate and personal devices being used to access data and services are secure. There are many options for addressing these security concerns, but choosing the right tools and configurations can quickly become complex. Considering what to do about devices like laptops, tablets and smartphones while in the office, at home, and while traveling can become overwhelming or cumbersome. Some organizations may find a secure one-size-fits-all solution, but many will want, or need, a little more flexibility.
When it comes to security risks and errors, businesses often fall victim to assumptions and oversights. The reality is that the protection of information and applications is always evolving and, as criminals find new ways to exploit weaknesses, it's tough to stay one step ahead.
It seems we can’t go more than 24 hours without hearing about the latest and greatest data breach that affects millions. So we ask ourselves, “What can we do better?” After all, if the “bad guys” can hack into the federal government, Home Depot, and Target, what hope do small and medium-sized businesses have?
Are you aware of the amount of data you have? Do you know how to manage your data growth? Do you know how long it will take to recover your critical data and applications in the event of a disaster?
Has anyone at your organization ever received an e-mail that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from an accountant sending completed tax returns, but in the month of August; or a note from what appears to be your accounting firm, indicating they need you to confirm Social Security Numbers in order to send employees paychecks?
Data breach attacks are only getting more sophisticated and gaining more traction. They're happening to individuals at home, employees within organizations who click on the wrong link, CEOs who are targeted in a Business Email Compromise, and the list goes on. What's even worse is that small- to medium-sized businesses are more of a target than the large corporations. According to Verizon's 2017 Data Breach Investigations Report, 61% of all data breach victims are businesses under 1,000 employees.
Email can work for you, and it can be used against you. On the positive side, it's a tool that allows organizations to collaborate, communicate, and save time.
On the negative side, cybercriminals are savvy enough to use it as a weapon to send phishing and spear-phishing emails to unsuspecting recipients allowing confidential data to be exposed and money to be stolen.
On June 28, Google's Project Zero discovered a major vulnerability in Symantec and Norton products, including Symantec Endpoint Protection (SEP) and Mail Security for Exchange. Symantec has released a new version of SEP and patches for the Exchange product that resolves the vulnerability. Symantec Cloud users will automatically receive the update for the vulnerability while Symantec Enterprise SEP, and the discontinued Symantec Small Business Edition (SBE) users, will require a small project to install and apply the updates.
The time to think about Mobile Device Management (MDM) solutions and policies isn’t after employees start using various personal devices for work.
At our recent Lunch & Learn, Personal Devices and Corporate Data: The impact of BYOD and MDM in the workplace, Elek Miller of Drummond Woodsum stated, “You need to carefully consider your policies & procedures and document them prior to any employee using a device for work. It is one of the most important/first things you should do prior to implementing any MDM solution.”