Network Security

Security Enhancements We Don’t Recommend Making in your Network

This may come as a shock but as long as you’re connected to the Internet, you’re a potential target for a cyber attack. You see, it isn’t just large corporations with treasure troves of data and personally identifiable information on the masses that cyber criminals go after. They also target small businesses, individuals, and they’d probably go after your little dog too if he had a digital footprint.

More than 230,000 new malware attacks/programs are launched every day. So, while more and more resources are being dedicated to counter these attacks, sometimes the best way to combat these new cyber attacks is to understand the network security ‘enhancements’ you should avoid.

Allowing Email Programs to “Auto Open” Attachments

Much like receiving physical mail in your mailbox at home is an exciting thing for everyone, so too is opening emails. So, allowing your email program to auto open email attachments sounds that much more enjoyable. Not only do you not have to take the extra time to click (or double-click) to open the attachment yourself – you don’t even need to take the time to read what that attachment is.

After all, it’s not like we would ever receive attachments in our own email that aren’t for legitimate business purposes…

All joking aside, 93% of all phishing emails contain encrypted ransomware programs. Once ransomware infects your computer, and possibly your entire computer network, you lose access to all the data you once had. Now, suddenly, your company is faced with the decision to pay whatever amount is being demanded for safe release of that data, or to lose it forever.

Don’t be that person that carelessly costs your company money, valuable time, and even more valuable company and client data because you were too curious to find out if that Nigerian Prince was telling the truth.

Storing Passwords in Plain Text

Now, there are all kinds of valuable benefits of storing passwords in plain text. We’re talking about utilizing fewer computing resources, saving money since you don’t have to scale your servers to handle the password hashes efficiently, and just saving time since you don’t have to write the code to securely store passwords.

As a wise philosopher said not so long ago, “Ain’t nobody got time for that!”

Storing passwords and confidential user information in a reckless manner can have adverse effects on both your business environment and your personal life. Besides putting your company at risk of a breach from theft of those plain-text passwords , you are leaving yourself open to a ton of liability issues from angry customers or website users if violations of privacy or fraud result. And you don’t even want to imagine the compliance implications that could wreck everyone’s reputation.

Then again, identity theft is no big deal – that’s never really hurt anybody, right?

Allowing Open Access to Your Network

Today’s workforce expects to be able to remotely connect to company servers with their work computers, and to receive emails and files directly on their smartphones and tablets. That’s all fine and dandy to make work easier, but that doesn’t mean you need to allow unfettered and unchecked access to everyone. As a matter of fact, be very picky about it.

Does the janitor that cleans your restrooms need server access? Probably not. So access to your limited guest Wi-Fi should suit him just fine..

Does Steve over in sales need remote access to his computer, email and certain types of files on the server? Most likely he certainly does. So customize his access to your secured, internal resources based on only what he needs to do his work.

Most people do not need blanket access to critical folders on the company server, so stop giving it to them because it’s the path of least effort or resistance. Create controls and different levels of access for your business colleagues based on their roles and responsibilities.

Sometimes, avoiding trouble is more about what you don’t do to invite it.