Some IT risks are very evident. A workstation running without antivirus software installed or with out-of-date definitions or network connections running behind and old and outdated firewall are prime examples of security risks that are fairly self-explanatory. However there are many risks to IT security in businesses across the country that are not quite as obvious. From employees using social media networks to “lost” digital media – here are few not so obvious IT security risks that pose a threat to businesses.
Instant Messaging
While AOL Instant Messenger may have lost its popularity since the early 2000s, there are still plenty of instant messaging clients that employees use to stay in touch with employees and with those outside of the office. From G-chat in Gmail to Facebook Messenger to WhatsApp, employees find creative ways to stay connected to their friends and family during business hours.
The security risk in using instant messaging clients is that unlike email, these messages are not encrypted. An employee may accidentally send out sensitive information over an instant message (say they forgot to delete something from their clipboard and accidentally pasted company information into a message). As the connection isn’t encrypted and secured like email is, instant messaging creates a doorway for sensitive information to leak out of or for hackers to sneak in through.
Random Media Showing Up Around The Office
Picture this scenario: an employee finds a USB flash drive lying on the floor just inside the office lobby. He or she assumes it belongs to someone in the office so they bring it back to the office, plug it into their workstation, and open it up to see if they can identify its rightful owner. This is a cybercrime waiting to happen. Oftentimes hackers load malicious software on a flash drive and then “accidentally drop” them in parking lots hoping a good Samaritan will notice the USB thumb drive and will try to return it to its owner.
This is the exact scenario that happened during the 2008 cyberattack on the United States. A foreign intelligence agency loaded a malicious worm known as “agent.btz” onto a USB flash drive and dropped it in the parking lot of a US Military Base in the Middle East. Someone picked it up, plugged it into a laptop on base and the work made its way into the United States Central Command. It took over a year for the Pentagon to eradicate the worm which could scan computer activity, open backdoors, and even remotely control military servers.
The Bottom Line
Some security threats are lurking just beneath the surface. A managed IT service provider can help you identify security vulnerabilities and help you create protocols and guidelines for protecting your company from an outside attack.
