Businesses and individuals are increasingly relying on computers and Internet-based networking. They experience several benefits, but also potential risks. When staff or business partners have constant access to internal networks from insecure locations, security is a major concern.
The Rise of Cybercrime
Cyberattacks generally refer to criminal activity involving the use of a computer network, normally conducted via the Internet. Internet users and organizations face increased risk of becoming targets of cyberattacks. An independent research report conducted by Ponemon Institute on organizations located in the United States in 2013 found that the U.S. experienced an increase of 18 percent in successful attacks from the previous year.
Today, criminals have more advanced technology and greater knowledge of cyber security. Attacks may include financial scams, computer hacking, virus attacks and distribution, denial-of-service, theft of an organization’s information assets, posting of sensitive business data on the Internet, and malware.
Risks of Cybercrime
For businesses and corporations, the cost associated with cyberattacks is large. Stolen or deleted corporate data can inflict financial damage on the victim, damage the company’s reputation, and negatively affect people’s livelihoods. The risks are even higher for small companies, since their businesses may rely solely on project files or customer data bases. The same Ponemon Institute study reported that in 2013, the average cost of cybercrime in the U.S. was $11.6 million annually - an increase in cost by 26 percent from the previous year.
Organizations should follow basic guidelines in order to reduce the security threat to their data and devices. To prevent cyberattacks, companies should:
1. Use a Secure Connection to the Corporate Data
This generally involves implementing a Virtual Private Network (VPN). VPN technology provides protection for information that is being transmitted over the Internet by allowing users to form a virtual “tunnel” to securely enter an internal network to access resources, data and communications.
2. Store Data Centrally
Centralized storage of data offers protection and increases speed, convenience and efficiency for accessing files. Sharing of files enables rapid and easy access to important data from virtually anywhere in the world. The relative mobility and control of data improves effectiveness of workflow. Another crucial advantage of centralized data is cost. Although it is possible to store and backup data on multiple machines, it is considerably more cost effective to use central storage. For instance, data can be stored on a server within the corporate LAN behind the firewall.
3. Use Modern Authentication Methods
Authentication is the process by which the parties at either end of a network connection can verify the identity of the other party. Verification is typically based upon something you know (such as passwords), something you have (smart card or tokens), or something you are (biometric techniques, including fingerprint and eye scans). Deployment of modern authentication methods, such as Kerberos authentication protocol, ensures confidentiality through encryption that ensures no one can tamper with data in a Kerberos message.
4. Use Reliable, Strong Encryption Technology
Encryption is the process of changing information in a manner that cannot be deciphered by anyone except those holding special knowledge (generally referred to as a "key") that enables them to alter the information back to its original, readable form. A VPN turns the Internet (an unsecure environment) into a secure private network, by providing heavy encryption. In particular, an SSL VPN is best-suited for mobile apps.
5. Enforce Strong Passwords
Implementation of strong passwords is a basic security procedure, however it is often overlooked. Complex, hard-to-crack passwords are a simple line of defense against a security breach. Password policies, which offer advice on proper password management, should be in place. Password best practices include:
• Avoid using dictionary words or common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.
• Do not use personal information.
• Use special characters, such as * and #. The majority of passwords are case sensitive, therefore, a mixture of both upper case and lower case letters, as well as numbers, should be used.
• Choose a long password, as passwords become harder to crack with each added character.
• Create different passwords for different accounts and applications. Therefore, if one password is breached, the security of other accounts is not at risk.
• Never write down passwords and leave them unattended in a desk drawer or any other obvious place.
• Never communicate a password by telephone, e-mail or instant messaging
• Never disclose a password to others, including people who claim to be from customer service.
• Change passwords whenever there is any doubt that a password may have been compromised.
The growing popularity and convenience of digital networks has led to an increase in cyberattacks; consequently, keeping up to date with the most recent and important concerns facing the organization is in itself a challenge. Organizations can protect their highly sensitive information by following a safety plan and adopting reasonable security practices.
If you would like to learn more about VPN technology, and review some tips on critical security aspects, download our free e-book: How Do I Find the Best VPN Solution for My Company?
You must be registered in order to write comments. To register as a new user click here.
If you're already registered, please leave a comment here