With 1,500 network security reviews under our belts using CDW Threat Check, we’ve learned a few things about how organizations can close up security loopholes.
By offering this complimentary Threat Check assessment, our team of security analysts can passively monitor an organization’s networks to identify vulnerabilities and malicious activity. As we head toward our 2,000th review, here are a few lessons learned that reiterate the importance of a holistic security approach — no matter how big or small your business.
A Rising Concern
We’re seeing a lot more bots worming their way onto organizations’ networks. They’re not just from a mischievous hacker, but criminal enterprises around the world are constantly seeking new ways of penetrating an organization’s security in order to steal information that may benefit them. In fact, these enterprises appear to be overtaking average hackers.
Botnets, malware and phishing remain the most common sources of trouble, especially when businesses do little network monitoring and so tend to be in the dark about their employees’ web surfing habits. People often click on a link because they expect it to take them to a related article but end up on an insecure web page. Employees accessing unsecure FTP sites and downloading infected files via BitTorrent are other common entry points for attackers. A good start is to set up a URL scanner to check on the security of sites because web surfers often don’t think before they click. Going one step further, next generation firewalls from manufacturers such as Cisco and/or email security tools from Proofpoint can expand your ability to protect along these threat vectors.
What’s more, sometimes they don’t have to click. Pop-up ads also can get them in trouble if they’re reading articles and there aren’t any blockers. A lot of ads are pretty packaging for malware.
Bigger Doesn’t Equal Safer
In a small company with only one or two IT pros, it can be hard to keep up with cybersecurity. But what about larger organizations with teams of IT personnel focused on security?
After running Threat Check scans in large healthcare, education and financial organizations, we’ve noted that the same problems tend to plague all businesses, no matter their size.
In big organizations, we’re still finding all kinds of malware, phishing attempts and instances of users trying to go to specific websites and being redirected to other, suspicious ones.
The more employees in an organization, the more network vulnerabilities we typically find. But there really is no difference in terms of what we’re finding — whether it’s a four-person startup or 1,000-seat corporation. We tend to uncover the same or similar vulnerabilities. This is often due to the fact that most organizations are juggling lots of projects with minimum resources and investments, making it hard to ensure full visibility into the network security situation.
The Coworker Dilemma
How can businesses take a proactive role in guarding their networks against cyberattack? Organizations must make employee education a priority. Plain and simple, that’s the No. 1 action that has to happen. Training, education and surprise exercises that appear legitimate to coworkers are the only ways to ensure that cybersecurity awareness becomes second nature to all employees.
Everyone who grew up in the Midwest knows what to do in a tornado; it’s ingrained into the thought process of daily life. We need to get to that point with cybersecurity. Coworker education will bring businesses the biggest return on investment right away because the cybersecurity problem is too overwhelming for IT departments to handle on their own.
Companies should review web surfing, email and general security protocols and policies with their employees on a regular basis because every network user needs to understand the dangers out there — and how to spot them. Employees are your first line of defense, so prepare them to win the small skirmishes that will help the organization avoid becoming embroiled in a full-on battle.
As always, feel free to comment below with any questions or contact your account manager for more information.