Business Tech Vulnerabilities: Problems & Fixes

It’s fair to say that technology plays a key role in modern business. Without a thorough understanding and implementation of tech, it’s far too easy for your business to fall by the wayside. Technology is how businesses are run: contracts are signed by email, customer files are stored digitally rather than on paper, and every employee history is accessible with a few taps of a keyboard.

It’s impossible not to see these technological advancements as a good thing. Businesses have become simpler, in the best way imaginable. Technology has sped up tasks that otherwise would have taken weeks, improving the way the world works beyond doubt.

So let’s all agree: technology + business = good things.

However, there are a few downsides that no savvy business owner can afford to overlook. If you want to have a full grip on all of the tech, internet service, devices, and storage that your business uses, then you need to think about the potential that exists for vulnerabilities. By ensuring you close any potential gaps that could be exploited, you can be sure that your business is able to enjoy all the benefits of technology, but without any of the pitfalls.

Here’s a look at the areas you’re going to need to focus on.

The Employee Threat (Part One)

Everyone that accesses your business tech is a potential weakness in your systems.

The Problem

If that sounds harsh, perhaps it is, but it’s also true. Computers and technology can do a lot of the heavy lifting; they can prevent attacks on your system, ensure you maintain your records as you should, even do your accountancy work. However, these processes can only happen if they are correctly controlled by human hands.

This is a particular concern when it comes to security. Passwords are great, but it is incredibly common for people never to change their default password. Your members of staff may have little appreciation for the way that their behavior has the potential to cause real disruption to your business.

Solutions

It’s important to preach a need for constant vigilance when it comes to tech security. If a member of staff has access to a database or your public cloud hosting, then they need to be able to prove they understand the security requirements. One way of doing this is by making each employee take a quiz to prove they at least know the basics of online security.

The Employee Threat (Part Two)

Yes, sadly, there’s more than one issue when it comes to your employees. Even if you feel you have the best staff in the world, there’s no denying the fact they have the potential to cause you all manner of problems. Let’s focus on another potential employee issue you need to be aware of…

The Problem

One of the major benefits of technology is that working has become more flexible. We can now go through important emails on our phones, or browse through customer records to fix problems while on the beach if we so desire, but this flexibility is also a security risk.

First and foremost, if your employees are accessing the company software or cloud when out of the office, there need to be restrictions on how they do it. For example, how are they connecting to the internet? Are they using open Wi-Fi networks? If so, that’s a serious risk to your company’s safety.

  • Insist that any out-of-office Wi-Fi connections must be completely secure: the home network of your employee, or a reliable mobile network.
  • All security passwords must be changed from default.
  • Never, ever, ever should an employee connect to an open Wi-Fi network. These are simply not secure enough for your company data.

Of course, there’s no way of guaranteeing that employees are actually going to do this. All you can do is make the point, explain why it’s so important, and make it clear you will take any transgressions of this rule extremely seriously.

The Outside Threat: DDoS and Hacking

Okay, enough making you worry that your employees are going to bring down your business! Let’s give your employees a break, and move onto the threats that come from the outside.

Many of us think of hacking problems as being an issue for large companies. After all, if hackers are going to spend their time trying to breach a company, they’re going to go after the big fish, because it guarantees them the bigger payday. If your business is only small, then you might just entirely overlook the hacking threat, seeing it as one that other, bigger businesses need to be concerned with. This attitude poses a real threat to your business.

The Problem

Sure, hackers want the biggest payday or to cause the maximum disruption with their work, so they’re going to target large companies. However, large companies also have far sterner security blocks than small companies. That means it’s more work for the hackers to breach them. Instead of spending weeks working on a single company, many hackers might turn their thoughts to small companies, where the vulnerabilities in the tech are easier to exploit.

One particular risk that you need to be very alert to is ransomware. Basically, ransomware means that your systems will be shut down — you won’t be able to access any of your computerized data — until you pay the hackers off. Ransomware is incredibly lucrative for hackers, even though people are always advised not to pay hackers. The truth is that for many businesses — especially those that are not as tech-aware as one might hope — their only option is to pay. If they don’t, they no longer have access to all of their business files; potentially meaning they literally can’t run their business.

As well as ransomware, you may also find yourself falling victim to a “distributed denial of service” — better known as DDoS — attack. These attacks have the potential to bring everything related to your business offline; company records, accounts, anything at all.

These two issues — ransomware and DDoS — are matters your business tech has to be alert to at all times.

The Solution

The simplest way to protect against ransomware is to back up your data completely, ideally on a daily basis. Yes, this is time-consuming, but at least it means that no one can ever hold your business’s critical data hostage. If you have backups, then what’s being held to ransom isn’t as vital to your business continuity. It does still pose a risk; for example, you don’t want your customer data to be leaked, but at least you can continue your business while you deal with the issue. Contact the cybercrimes department of your local police force for further assistance, but be reassured by the fact your business doesn’t have to grind to a halt thanks to those handy backups.

When you have a backup regime in place, examine the providers you use for various tech services. You will need to select your systems and public cloud hosting very carefully; decent providers will have some sort of DDoS protection included.

Will the above measures work? To a point. It’s almost impossible to ensure that you never get hacked, but the above will at least limit the damage, and make hacking harder to do.

The Update Problem

Let’s wrap things up with a simple word of warning about updates. System, software, and tech updates are annoying. When you get the notification, it’s impossible not to roll your eyes with frustration. You’re now going to have to sit through a potentially long update process, unable to do anything useful in the meantime… so you click ‘postpone’ or ‘remind me later’.

Then you keep clicking ‘remind me later’. Upgrades are always inconvenient, especially if you’re busy running a business. The idea of your system shutting down to update just isn’t feasible, or at least, you’re not willing to let it be feasible. So you keep postponing, over and over and over again.

The Problem

Let’s be honest: you know what is about to be said. This isn’t your first day online. You know that updates are important. You know that they contain security fixes which can help protect your business files. You know that you should install them immediately. We all do; we’re all well aware that those irritating update notifications are actually a good thing, our tech telling us that it’s found a way to make itself better.

If you don’t update — as you well know — then your system is going to be vulnerable. Patches for security glitches that were included in the update aren’t going to be available to you. So, it’s fairly clear what comes next…

The Solution

Update as soon as you receive the notification to do so.

Yes, it’s inconvenient. Yes, it’s annoying. Yes, it always seems to happen at the worst possible time. However, considering the stakes — the very safety of your business — these are relatively small issues. It’s worth a little inconvenience to keep your data, your customers’ data, and your entire business operation as safe as possible.

With your vulnerabilities closed, your tech security will help ensure your business continuity for years to come.

About Will Chatham

Will Chatham is an Information Security Analyst, OSCP, Ethical Hacker, and Penetration Tester at a federal data center in Asheville, NC. Since Netscape 2.0, he has worked in a wide array of environments including non-profit, corporate, small business, and government. His varied background, from developer to search engine optimizer to security professional, has helped him build a wide range of skills that help those with whom he works and teaches.
