Top Five Business Security Risks

Tuesday, May 17, 2011

Robert Siciliano


1. Data Breaches: Businesses suffer data breaches most often, accounting for 35% of total breaches.

Medical and healthcare services are also frequent targets, accounting for 29.1% of breaches.

Government and military make up 16.2%, banking, credit, and financial services account for 10.5%, and 9.2% of breaches occur in educational institutes.

Even if you protect your PC and keep your critical security patches and antivirus definitions updated, there is always the possibility that your bank or credit card company may be hacked, and your sensitive data sold for the purposes of identity theft.

2. Social Engineering: This is the act of manipulating people into taking certain actions or disclosing sensitive information. It’s essentially a fancier, more technical form of lying.

At 2010’s Defcon, a game was played in which contestants used the telephone to convince company employees to voluntarily cough up information they probably shouldn’t have. Of 135 “targets” of the social engineering “game,” 130 blurted out sensitive information.

All five holdouts were women who gave up zero data to the social engineers.

3. Failure to Log Out: Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or “Save password,” and, once selected, will do so indefinitely.

This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

4. Inside Jobs: With millions losing jobs, there are many opportunities for an insider to plug in a thumb drive and steal client data or other proprietary information.

Networks are like candy bars, hard on the outside, soft and chewy on the inside.

Insiders who fear layoffs may be easily tempted to use their access to profit while they have the chance.

5. Fraudulent Accounts: Many businesses lay claim to thousands or millions of members or clients who have access to web-based accounts.

No matter the nature of the business, whether a social network, dating site, gaming site, or even a bank or retailer, some percentage of the accounts are ongoing instigators and repositories for fraud.

Troublemaker accounts infect the overall stability of any organization, and flushing them out is essential.

One anti-fraud service getting lots of attention for protecting online businesses from crime and abuse is ReputationManager 360 by iovation Inc.

The service is used by hundreds of online businesses to prevent fraud by deeply analyzing the computer, smartphone, or tablet connecting to their online properties.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)
