The corporate risks associated with data security have grown substantially over the past 5 years. In our experience, personal device usage, third party hosting & integration, and remote access has never been accepted in the corporate world as much as they are today. Much of this change has been driven by employee acceptance and the rate at which technology is being incorporated into their personal lives.
What may not appear obvious, though, is that each of these devices are endpoints that pose a security risk - a point of entry that needs to be controlled, or open doors that need to be locked. The technical term used to describe this, in the security industry, is “attack surface.” Attack surface depicts the sum of points where an unauthorized user could try to access internal corporate systems, or extract data from those environments.
Determining your attack surface is crucial, and you would be surprised by just how easy it is to do (especially by a malicious individual). An initial discovery on a corporation’s attack surface can be completed armed only with the corporate website, public bio pages, and LinkedIn profiles. Add personal laptops and smartphones into the mix, and you can visualize just how quickly the attack surface becomes more complex and difficult to control.
You may be thinking that your security team has this covered, and you may be right, they likely have a great handle on this. But with the number of recent breaches in the news, we would be naive to assume that this doesn’t require more attention on our home turf.
Many security breaches and incidents occur through human error and negligence, or when using devices when traveling. My favorite example of this is from Vern Harnish; his email was hacked in Moscow allowing access to conversations with assistants, which were easily mimicked, resulting in fraudulently transferring $400k out of the organization.
Mitigating exposure and risk before an incident happens needs to come as an initiative in the organization from the top down. As the human factor in our organization is arguably the largest security risk, routine circulation of updated policies, practices, and security notices needs to be well thought out and planned into your HR and security team’s weekly activities. Corporations must ensure their team is armed with updated information to protect the corporate network, systems, and data.
Corporate security is everybody’s responsibility though. If you’re at your desk and you feel that it’s not clear to you as an employee, it’s time to start asking some questions.
You may also be interested in learning how to Unlock Customer Engagement Potential without Compromising Data Security. Watch the webinar here!