5 dangerous situations IT managers could easily avoid

IT managers have the huge responsibility of securing their company’s infrastructure from cyber crime, whether it takes the form of malware, DDoS, ransomware, or any other type of cyber attack.

Without minimum cyber security measures in place, you could easily find yourself facing one of the five following situations.

  1. Incorrect device configuration

A member of your staff has installed a new firewall on a secondary connection to the Internet to provide business continuity in case failure of the main connection. However, they have enabled the web interface on the WAN side and left the default credentials in place. Within a short period of time, the device has been compromised by an attacker who has created their own secure backdoor into you internal network.

  1. Misconfigured firewalls

As part of enabling BYOD within your organisation, your network engineers have installed a wireless access point in the office to allow smart phones, tablets and laptops to connect to corporate resources on the network. They used a device that had been lying around for a few years and left WPS enabled, and an attacker was able to take advantage of vulnerabilities in WPS to gain access to the network.

  1. Poor access control management

Confidential data has leaked from the company and, thanks to a thorough internal investigation, your IT team has discovered that the source of the breach was a former employee. Although the employee in question was fired months ago, the company never revoked his login access to the company’s system.

  1. Unpatched software

Although the operating systems of workstations have been configured to install security updates automatically, Java, which is installed on all workstations, has not been patched since deployment. An employee was enticed to visit a website that downloaded malware through a vulnerability in Java and your network was compromised.

  1. Poorly configured anti-malware software

The malware protection software installed on all of your company’s machines has not been configured to scan files automatically upon access. A member of your staff downloaded a malware-infected PDF from an unsecure website that infected the end-user device and the whole network with ransomware.

What can you do to avoid these scenarios?

Luckily for you, all of these situations can be avoided by implementing the five security controls mandated by the Cyber Essentials scheme.

Implementing these five controls can help prevent around 80% of basic Internet-based threats, leaving you time and resources to focus on protecting your company from more advanced cyber attacks.

cescompliance-banner

If you’d like to know more about how Cyber Essentials can help you improve business efficiency throughout your organisation, download this free guide.