The 4 LEAST Effective IT Security Measures

IT security is a major ongoing issue for every organization. Each and every year seems to set new records for online threats—data from the Identity Theft Resource Center (ITRC) states that the number of data breaches in 2017 were a “44.7 percent increase over the record high figures reported for 2016.”

With businesses facing such a large and consistent rise in cybersecurity threats, it’s little wonder that finding ways to protect your business online is so important. However, many businesses end up employing incredibly weak and ineffective IT security measures. This leaves the businesses highly vulnerable to attack, and may end up increasing the impact of a data breach event should one occur.

So, to help you improve your company’s cybersecurity posture, here’s a quick list of the top four worst IT security measures that you need to avoid.

1) Single-Factor Authentication

Whenever a user on your network wants to access a database or application, it’s necessary to make sure that said user is, in fact, authorized to access that resource. This authentication process can use three different factors to verify a user’s identity:

  1. Knowledge Factors (Something You Know). These factors rely on something the user knows to allow access—such as a password or ID number.
  2. Biometric Factors (Something You Are). These factors use something intrinsic and unique to the user to verify identity—such as their voiceprint, retinal pattern, fingerprint, or DNA.
  3. Physical Token Factors (Something You Have). These factors rely on something that the user possesses to verify their identity, such as an authentication tool, time-sensitive single-use code, or even a specific access device to confirm the user’s identity.

In a few of the other posts on this blog, Eric Dosal and I have stressed the importance of using multi-factor authentication (MFA) to make your employees’ and customers’ user accounts more difficult to breach. Where MFA techniques use several different authentication factors to verify a user’s identity before giving them the keys to the proverbial kingdom, single-factor authentication simply asks users to verify one authentication factor before granting access.

While usually easy and convenient for access, single-factor authentication strategies are incredibly weak when it comes to keeping attackers out of your network. For example, the most common single-factor authentication model is the basic username and password. Here, if an attacker manages to guess a user’s password, they’ll be able to access the user’s account and abuse all of the privileges that come with that access. Speaking of passwords…

2) Easy-to-Guess Passwords

Considering how common passwords are as a security measure for incredibly valuable and sensitive information, you’d think that people would put a lot of thought into their passwords to create strong ones that are hard to crack. Unfortunately, there are far too many cases where people will use an incredibly weak and easy-to-guess password for their user account.

Weak passwords are virtually worthless as a means of securing your IT assets against attack. But, what constitutes a weak password?

One litmus test is to see if the password appears on a “Top 25 Most Common/Worst” passwords list—like this one from Time magazine. Other key indicators of a bad password that will likely lead to an IT security incident include:

  • Passwords that are literally just a word from the dictionary.
  • Lack of uppercase and lowercase letter switching.
  • Failure to mix letters and numbers in the password.
  • Lack of special characters (like !, @, #, *, or %)
  • Short passwords (less than 12 characters long).

If a password is going to be the primary IT security measure you employ for your business’ user accounts, that password NEEDS to be as strong as possible. Consider making your password creation system require the use of:

  • Both uppercase and lowercase letters.
  • Numbers and special characters.
  • At least 12 characters.

You can also allow passwords that include blank spaces so users can create entire passphrases that are much harder to crack than a single word.

Download Now

3) Weak (or No) Wi-Fi Security

Wi-Fi network connections can be incredibly convenient for allowing employees to wirelessly connect to the internet. However, they can also be a major cybersecurity risk for your organization if they aren’t properly secured.

As noted in a Kaspersky Lab article on the dangers of public, unsecured Wi-Fi networks:

“The same features that make free Wi-Fi hotspots desirable for consumers make them desirable for hackers; namely, that it requires no authentication to establish a network connection. This creates an amazing opportunity for the hacker to get unfettered access to unsecured devices on the same network.”

Having weak (or no) Wi-Fi security for your network’s wireless connection turns your private work network into a public hotspot for anyone who is physically close to your Wi-Fi router. This puts your network at a greater risk of being attacked—especially if your business is in a space accessible to the general public.

If a hacker is able to set themselves up between your employees and the Wi-Fi connection point, then they can easily monitor your employees’ network activity and steal data—including emails, security credentials, and the personally identifiable information (PII) of your employees or customers.

So, how can you strengthen your Wi-Fi network security? Network World has an article that outlines several key measures. For example, the article recommends:

“deploying the enterprise mode of Wi-Fi security, because it authenticates every user individually: Everyone can have their own Wi-Fi username and password. So if a laptop or mobile device is lost or stolen, or an employee leaves the company, all you have to do is change or revoke that particular user’s log-ins.”

Normally, Wi-Fi routers have a single password shared by all users. This means that if someone leaves your company, you’d have to manually reset the router name and password to prevent them from accessing it again. Another significant concern is what would happen if a device with your Wi-Fi router’s WPA password were to be stolen. This scenario would require getting every single user in your office to change their Wi-Fi settings.

However, by using the Wi-Fi system’s enterprise mode, you can give each user a unique access code for your router. This makes it so you only have to revoke/reset one person’s access credentials if they’re terminated or lose a device rather than making everyone in the office make the changeover.

Further securing your network with client-side server verification tools helps to prevent “man-in-the-middle” attacks because the employee device won’t send out its access credentials until it verifies that it has connected to the right Wi-Fi network. Without such protection tools, the employee’s device may send out login credentials to a hacker trying to spoof your Wi-Fi router’s SSID, giving the hacker free access to your network.

4) Lack of Redundancy for Core Network/System Devices

In disaster recovery and business continuity circles, there’s a concept known as the “single point of failure.” This concept refers to any single device or component in a technology solution that, if it fails, would result in an inability for that solution to function properly.

For example, say that you have a single data center that holds all of your business’ mission-critical information. If that system were to fail, you wouldn’t be able to handle tasks like customer billing, purchase orders, and the like because all of the information such transactions rely on would be inaccessible. Or, say you have a router that controls all of the traffic requests on your network—if that router fails, your network would be effectively neutralized as nobody would be able to access the data and systems they needed.

A lack of redundant (a.k.a. backup) systems creates a critical vulnerability in your business’ network infrastructure—compromising your IT security. If attackers can identify a single point of failure in your IT network and bring it down, then they can do incredible damage to your business—potentially holding your network for ransom.

The best IT security measure for overcoming a lack of redundancy is to perform a thorough assessment of your IT network to identify all of the assets you have and any single points of failure that could harm your business. Once you’ve identified your single points of failure, create a plan for resolving that single point of failure so you can avoid a worst-case scenario.

For example, if you only have one data center, consider using a cloud-based backup data storage solution so that you’ll have a copy of your most important information available when you need it. If you only have a single router to direct traffic on your network, consider adding secondary routers to pick up the slack if one goes down or needs maintenance.

Creating redundancy for each of the components in your IT network is crucial for preventing severe disruptions that can be caused by attacks on your network, natural disasters, and everyday system glitches.

If you need more help and advice for securing your IT network, contact the Compuquip Cybersecurity team today, or download our Cybersecurity Basics Guide at the link below: