Directive Blogs
These Devices Are Most Likely to Put Your Business at Risk
How Many of These Devices are in Your Office?
The more complex your technology is, the more secure you need to be. If it connects to the Internet, it needs to be hardened to prevent unauthorized access. Virtually any device can be an entrypoint for a cybercriminal or malicious software, but if you have any of these devices in your office, you need to take serious precautions when it comes to your security.
We’re identifying at-risk devices based on a few different metrics:
- The device is often used as a point of entry for a cybercriminal.
- The device stores, processes, or transmits potentially sensitive information.
- The device can be used to spread malware or ransomware.
- The device is often overlooked when considering your overall cybersecurity.
Printers: The Least Obvious Suspect
It’s easy to judge a device by the singular job you purchased it for. Printers print. That’s it, right? What is my printer doing on a list of devices that could put my business at risk?
Network printers aren’t just notorious for making short work of toner cartridges and having the occasional paper jam. Historically, printers have had their fair share of time in the spotlight when it comes to cybercrime.
Why?
Most businesses don’t keep them patched with the latest security updates, and cybercriminals know this. Printers are such an easy target to get into the rest of the network because if a vulnerability is found in a line of printers, there are often thousands or hundreds of thousands of businesses for a criminal to pick from.
You’ll want to make sure your network printers are covered under the rest of your IT, being properly maintained and kept updated.
Security Cameras: Vulnerable While Trying to Protect Your Business
The very devices you’ve purchased to watch over your assets could also put your organization at risk. Similar to printers, most businesses only look at their security system when they truly need to. That’s not a bad thing in and of itself, but just like any other device, IP cameras often have firmware updates and security patches of their own, and if they weren’t implemented properly in the first place, it could be relatively easy for someone to gain access to them.
Since security cameras are often on the same network as everything else, gaining access to one grants you access to everything else.
Smartphones (and Other Mobile Devices)
I still remember writing blog posts about security, and telling business owners about how sometimes an employee or two might own these miraculous little cell phones that do a whole lot more than your average cell phone. Nowadays, almost everybody has some sort of smartphone, whether it’s an iPhone or an Android.
Here’s the thing; you can’t (or at least, you truly shouldn’t) ban smartphones from your network. Your best employees are going to use their devices to check their email, collaborate with others, take notes, and manage their schedules.
It’s your responsibility to make sure your data is protected, even when you don’t control the device it is on.
Fortunately, mobile device management is built right into network policies. It’s just a matter of properly implementing the right policies and helping your staff understand the approval process.
Shadow IT
The most ominously named element of all IT, Shadow IT is any kind of technology on your network that wasn’t intended to be there. Technically, smartphones and employee mobile devices fall under this category, but Shadow IT goes much further. Let’s look at an example:
Let’s say two employees are working together on a presentation, but they don’t have (or don’t realize that they have) a simple means to collaborate on the same file together. They set up a third-party service like Dropbox and use it to pass along files and reports they are working on for the presentation.
Suddenly, you have files and potentially sensitive company information on a platform that you don’t control, monitor, or even have access to. Even if your employees have the right intentions, it puts your business at risk and adds further complexity to your overall IT.
The solution to this isn’t as simple as running updates. Instead, it takes training and reinforcement, along with making sure that your staff all have the solutions in place to get their work done as effectively as possible.
Cybersecurity is about so much more than antivirus these days (although antivirus is still crucial!). If you want help making sure your business is protected from all angles, give us a call at 607.433.2200.