We all know that terms like cyber threats and data security are huge buzzwords in today’s world. What with the list of high profile victims such as Sony, Target, Ashley Madison and Yahoo on the rise, what exposures does a tech company really face.
Internal Issues –
Employee related issues are the number one threat to a company’s data and systems. This could be in the form of a disgruntled member of the IT team with knowledge of and access to your networks, data and administration accounts. Alternatively, an employee who is not trained in the best security practices and has weak passwords, visits unauthorised websites and/or clicks on links/opens attachments in suspicious emails, could be to blame. Similarly, it could be a careless worker who forgets their unlocked mobile device in the back of a taxi.
Mobile Devices –
Data is highly vulnerable when employees are using mobile devices to share data and access company information. With more companies embracing a ‘Bring Your Own Device’ to work policy, they face the increased risk from those devices being connected to the company’s network. This could be due to poor IT security, the use of an unsecure wireless connection, or from installing a flawed mobile application which leads to malware accessing the company’s network.
Third party service providers –
As technology becomes more specialist and complex, companies are relying on Third-party service providers to support and maintain their systems. These third-parties typically use remote access tools to connect to the company’s network. This makes the company extremely reliant on the Third-party service provider’s security practices. Many high profile breaches are believed to be as a result of the exploitation of remote vendor access channels, as a way in the back door to a company’s network. It is therefore crucial to ensure that adequate vetting is done before allowing third parties to access a network.
Cloud Computing –
Cloud computing is growing in popularity, with the majority of businesses in the UK using at least one Cloud service. Due to the vast amount of data stored on cloud servers, they are increasingly becoming an attractive target. Once again you are putting your trust in the hands of an outsourced company, losing a degree of control over the security, access and management of your data. A company may feel comfortable with and trust its cloud provider after performing due diligence, but cloud service providers often have a multitude of partners, such as data centres, storage and back-up, who also potentially have access to your data. Assuming that you have transferred your risk when you transfer your data is not the case. Legal obligation rests with the company that initially accepted the data and ultimately, companies are responsible for protecting their own data in the cloud. Furthermore, cloud providers have generally done a good job of limiting their liabilities by way of their contracts. The question of where your data is being stored, can also raise issues. With cloud providers operating in multiple jurisdictions and the jurisdiction defining your rights, your data may end up being stored in a location governed by different laws, regulations and compliance requirements.