With increasing stories about data breaches making the headlines on a near daily basis, the topic of security has become more important than ever. According to a report issued by the Ponemon Institute and IBM, the average cost of data breaches around the world increased by 15 percent during the last year. Each compromised record translated to a cost of $145, translating to a total cost of $3.5 million per company for each data related breach. The most common causes of many of these breaches involved malicious code and sustained probes.
Another element that many of these data breaches seem to have in common is that even a small, simple action, such as applying a security update or requiring two-factor authentication for remote access could have prevented the attacks.
Criminal attacks are now a growing concern among most organizations. In order to prevent such attacks, organizations that use remote-access tools must ensure those tools are secured through the two of two-factor authentication. Simply put, if you are not defending your front line with two-factor authentication, hackers will find it to be much easier to brute-force passwords. Among the most recent breaches was the Heartbleed attack. In those attacks, implementing a Heartbleed fix could potentially have thwarted a breach. Insider threats are also a serious issue today. While the most obvious protections could prevent the loss of data, those measures are often the ones that are overlooked the most.
The subject of security is one that we have been reviewing with customers for many years. Among the most common mistakes that many organizations make is providing unlimited and unmonitored access to system administrators. This, unfortunately, sets the stage for trouble later on. In many instances, admins use hosted remote access tools such as Gotomypc or LogMeIn. If these admins were required to use a centralized remote access tool such as RHUB remote support servers, an audit activity trail would be captured. In addition, the scope of access would also be limited, thus reducing possible threats. Additionally, by requiring two-factor authentication to remote access tools, you can ensure that your employees are not able to utilize another individual’s credentials in order to gain access to different systems.
It should be noted that this would not prevent an admin from utilizing a rogue remote access tool in order to gain access to your network or even from physically logging into a system. Nevertheless, by blocking unauthorized remote access tools from your network and implementing the right physical security practices, you can significantly reduce such risks.
In all instances, successful security should be multi-layered. Those layers must often be comprised of a series of small steps. While on the surface those steps may seem unimportant, the grand sum total can help to mitigate risks and protect your organization from data breaches and hackers.
Are you interested in obtaining improved remote security for your networks? If so, contact us at 866-758-0984 or email us at firstname.lastname@example.org.