Today, information security can no longer be taken for granted. People and organisations need to understand the importance of having a security mindset at all levels within a business, not just in the IT department.
People who work in the IT department are probably aware that many security incidents occur not because the computers are faulty, but because users on the business side of the organisation are using the information systems incorrectly.
Such wrongdoings cannot be prevented with technical safeguards alone. Clear policies and procedures, training and awareness, legal protection, disciplinary measures and more are also needed.
The conclusion is that technical safeguards are not enough, and that the IT department, although very important in an information security project, cannot tackle information security alone.
It is very important to be able to identify security threats and potential vulnerabilities in your organisation. Some organisations run penetration testing activities to identify security threats or vulnerabilities.
This article will help to explain some common vulnerabilities, how you can identify and mitigate them, some best practices for securing your IT systems and how you can protect yourself.
Threats come in different sizes and forms, and most involve malicious code called malware. Malware is software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system. The most common modes of delivery are email and suspicious websites.
Social engineering is a non-technical form of attack in which techniques are used to get the target user to reveal their usernames and passwords, or to run compromised software. Many tools available online enable an attacker to create a fake (spoofed) email, website or even SMS message that looks legitimate.
There are several goals to social engineering:
An example of social engineering could be an email that appears to come from your bank asking you to refresh your login details, or an email that appears to come from your HR department asking you to update your employee details. Social engineering is used to exploit trust between people and is often a verbal trick or believable lie.
These are just some of the threats and security vulnerabilities that you need to be aware of, to ensure that your organisation is secure.
You can also read our guides to securing online products and services with security best practices, why it’s safer to store data in the cloud and securing web communications with SSL and TLS for further advice.
For more information on information security awareness, identifying security threats and identifying vulnerabilities, download our free guide: “The Security Mindset”.