1. Insufficient DDoS Protection
If your company was the subject of a DDoS attack could your website keep running? Too many firms do not invest in proper DDoS protection, leaving them vulnerable to an attack that could stop them trading for days. Having suffient network scrubbing ability, and a system that knows the difference between good and bad traffic, is essentail.
2. Not segregating your network
Breaches happen, but companies need to make sure that by getting into one part of the network, hackers are not able to access it all. This was the problem at Sony Pictures. Having succesflly made one breach, the hackers were able to roam freely around the network. Seperate servers, storage devices, routers, and switches can help limit the damage that happens when a hacker gains entry.
3. Having a firewall but no encryption.
Some firms believe that by just putting a firewall on the perimeter they can stop the bad guys coming in. That simply is not the case anymore. As with segregating parts of the networrk, firms have to assume they are going to breached, and properly encrypt data for when it happens.
4. Corporate iPhones
All mobile devices need to protecting, but iPhones are increasingly be offered by firms, and are particularly susceptible. Using toolls like the Protected Access 2 (WPA2) Enterprise protocol for WiFi security, and Microsoft Exchange ActiveSync for securing emails.
5. Employees
The biggest flaw in any system is the humans. Whether its through social engineering or genuine human error, it’s always people that are the weakest point…and that’s before we think about internal sabotage.
Company wide education is being emphasised by many, so that staff are on board with the strategy. Make security convenient for employees, not a burden to their work, and they will use it.