The vast majority of the breaches, according to the study, stemmed from servers and applications, not desktops or mobile devices.
And a whopping 90% of the breaches could have been prevented by implementing and following standard, basic, fundamental security practices and procedures.
We're talking the real basics here, folks:
Change default credentials
Don't share credentials
Patch immediately and comprehensively upon patch availability
Review user accounts regularly
Terminate IT access thoroughly when employees are terminated
Log and monitor Web and application access
This stuff is so fundamental that the fact that it's not in place among the organizations breached is a reminder of just how lax, how sloppy, and how vulnerable our records are at some businesses.
Not yours, one hopes. Small and midsized businesses can learn a lot from the bigbiz mistakes that enabled (sic) the record number of breaches last year (a record that, my bet is, will probably be broken this year)
Take some time, now, to review your security practices, procedures, and policies from the ground up, making sure that all your fundamentals are in place.
And once that's done, keep an eye on them.
The complete Verizon Data Breach Report is here.
And speaking of fundamentals, bMighty's upcoming online event exploring Security On A Budget will be looking at affordable, practical ways for small and midsized businesses to implement and maintain the very sorts of security fundamentals (and more) discussed above. Register now:
|
|
|
 bMighty bSecure is a virtual event designed to help your company stay secure in the most cost-effective way possible. bMighty and InformationWeek editors will bring together SMB security consultants, analysts, and other experts, along with real IT execs and users from small and midsize companies to share the secrets of keeping your company secure without breaking the bank.REGISTER NOW!
|