This post brought to you by CDW. All opinions are 100% mine.
Your company’s computer and networking infrastructure contains not only information vital to your business and its financial health, it also contains personal and financial information about your employes and customers, too. Protecting all this information is impossible when you haven’t identified all the threats. A variety of factors complicate this task: risks constantly evolve, making it difficult to keep your security systems up to date; technology is evolving and infrastructures are becoming decentralized; and the proliferation of mobile devices adds another layer of complexity. Worst of all, most everybody has access to the Internet and many of them have sophisticated skills and a desire to prove what they can do – against companies such as yours, perhaps.
CDW is a leading provider of technology products and services for business, government and education. In addition to hardware and software, they provide services that help you get the best from your equipment and help you protect that equipment and the data it contains. CDW has worked to identify threats against your systems, and they have created the 7 Identified Threats brochure that you should download and read to learn what you’re up against so you can implement a Data Loss Prevention program.
The seven threats identified by CDW are:
- Malware - Malicious software, loaded onto your system by increasingly sophisticated methods, is designed to disguise itself from recognition as it captures passwords and sensitive data or perhaps just to be a nuisance that costs you time and money to identify and remove.
- Attacks on Web Browsers/ Hostile E-Mail Attachments - Web-based services and e-mail have become so firmly entrenched that companies rely on them to do their business. Both of these services are easily exploited with innocent-seeming pop-up windows, attachments, and links that lead to downloads of malicious software. Spam can serve to deliver this malware, and the sheer volume of it can overwhelm and slow your services.
- SQL Injection Attack - These attacks are an increasingly common threat that passes malicious code in a string to an SQL server, that then leaves your infrastructure vulnerable to vandalized or replaced web pages, theft of credit card and other private data, or even manipulated or corrupted databases.
- Configuration Management / PC Lockdown - Internal threats to your infrastructure integrity. Unexpected dangers are weak passwords used by employees or consultants, or the possibility of employees having unauthorized software on their laptops or external drives, employees who have access to systems they aren’t entitled to use – and employees with a grudge who are willing to pass along access or information to others. Most surprising to me is that many companies don’t have an exit procedure to limit further access to company systems after an employee is dismissed, sometimes for days or weeks after they have left the company.
- Passwords - are a weak point, even when a company tries to enforce strong password creation. Employees leave sticky notes laying around with their hard-to-remember password displayed for all to see or even recite the password aloud when they have to recover it from IT.
- Wireless Security - Wireless networking is required to allow smartphones, tablets, laptops, and even cash registers and barcode scanners, and other equipment to connect to the company’s network, and wireless networks are more exposed. You have to not only consider security on the mobile devices, but on the wireless network itself. Finding an unprotected network is as easy as walking or driving down the street while a wireless device searches for networks that can be exploited.
- Loss of Mobile Devices - Mobile devices make it possible to do business wherever you are, but they contain sensitive data and are access points for your greater system. If a mobile device is lost or stolen, your company needs to be able to lock, track, or remotely wipe a lost device.
All of this is a lot to consider, and it’s probably not something that everyone wants to tackle alone. CDW provides services that can help you create a Data Loss Prevention plan. They can help you evaluate your existing infrastructure and security methods, identify your weaknesses, and work within your budget to find and implement solutions to protect your company from these seven threats. They can even provide continuing 24/7 support for your security solutions. Watch the above video, download the brochure, then contact CDW to see how they can help your protect your data, your customers’ data, and the financial security and reputation of your business. You may even qualify for a free security assessment.