These Are the Weakest Links in Your Company’s Security

Your company is in trouble. In a very real sense, your company is always in trouble. One of those threats that never goes away is security – particularly, data security. If your company is important enough to have state-sponsored cyber threats, you already have some version of the MITRE ATTACK framework. No enterprise-level business would be without enterprise-level protection. MITRE is a nonprofit, federally funded research group that provides consulting for such organizations as Homeland Security. Your private enterprise can also benefit from their expertise.

But not every company is aware of the threats they face and might not have enterprise-class security. Your company doesn’t have to be enormous for it to be under threat. Your biggest mistake is thinking that you are safe because you are small compared to others in the same field. You have all kinds of company information you don’t want to fall into the wrong hands. Despite your measures to protect it, data is constantly leaking out in small ways. You need to know where your risk lies, and what to do about it. Start here:

The Middleman

Fintech companies are on a slow march to becoming banks. Tech companies like Apple start out by dabbling into fintech. From there, the slow march to becoming a full-blown bank feels inevitable.

One of the challenges is that these companies are not banks. They have to partner with banks with goals that do not always align with the tech company, and that rely on technologies that are not always compatible with what the tech companies want to offer. The customer has a relationship with the tech company, not the bank. That customer’s data has to go through a lot of hands before anything gets done. If Apple ever does offer more banking services like mortgage loans, they will have to partner with someone for that. And that someone might be different than who they partner with for credit cards and the like.

The consumer will have to trust a lot of middlemen. But so will Apple, Google, Microsoft, Amazon, Facebook, and anyone else who wants to move in that direction. The weakest link is usually the one you don’t directly control. Limit your sensitive interactions to the companies that you know, trust, and don’t rely on unknowns as contractors for critical infrastructure.

Free Apps and Services

You should be suspicious of any truly useful app or service that pretends to not want any money for the value they are providing. Of course they want money. They just don’t have enough confidence in their product or service to charge end users for it.

It can’t be overstated that if the product or service is free, at some level, you are the product. Such services can’t afford to be too locked down because some part of your interaction with the product is what is being monetized. Free VPN apps are often booby-traps. Any app that promises something that makes it easier for you to get things that are otherwise hard to come by through legitimate means should be avoided. The devices your employees use for work are often the vector for attack because if they can download free apps, they will. It only takes one compromised device to compromise your entire organization.

Verification

If you get a message from your boss asking for a sensitive piece of company information, you are likely to give it to them with no questions asked. That is a big problem because there should be some questions asked to ensure that you are dealing with who you think you are dealing with.

Once your email list gets compromised, it is pretty easy for you to get phished by someone pretending to be one of your managers. This can be a real problem with remote work because you can’t just walk over to your manager’s cubicle and verify that the request came from her. Companies need better ways of verifying identity so that they are not being impersonated by thieves, and so that they are not sending sensitive information to thieves.

In business, there will always be security risks. The ones you don’t know about are always the worst. Be mindful of middlemen over which you have no control, free apps and services that could exploit your data, and unverified requests for sensitive information.