When it comes to data security, a threat is any potential danger to information or systems. Threats could be an intruder network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.
It’s critical for every business to understand their risk. An important step in data security is to identify potential threats, classify them by category, and evaluate the damage potential to the company. Use this checklist to understand common data threats and assess how they may affect your business:
Technical Data Threats – Why is it a threat?
Hacking: Hacking is now a multi-billion dollar industry for cybercriminals and provides opportunities to extract data for political and monetary gains. Hacking refers to an unauthorized user gaining access to a computer or a network. There are a variety of ways that hackers gain access to networks or computers –some as intricate as altering a systems security, and others as straightforward as guessing a user’s passwords or installing a keylogger.
Cracking: Cracking is reverse engineering of software, passwords or encryption could lead to unauthorized access to sensitive information. This is another form of hacking.
Malware: Malware (short for malicious software) disrupts computer operations, gathers sensitive information, or gains access to a computer system to compromise data and information. Antivirus software and firewalls are typically used to keep malware off of computers. Examples of malware include viruses, worms, spyware, ransomware, keyloggers and backdoors, but in reality malware can be any program that operates against the requirements of the computer user.
Misuse: Employees may take advantage of entrusted resources or privileges for a malicious or unintended purpose. Included in this category are administrative abuse, policy violations, and use of non-approved assets. These actions can be either malicious or non-malicious in nature.
Errors: Errors such as system misconfigurations or programming errors can cause unauthorized access by cybercriminals. Errors can occur in-house due to faulty programming, or hackers can find loopholes that can cause errors as well.
Data Leakage: Unauthorized electronic or physical transmission of data or information from within a company to an external destination or recipient could leave data in the wrong hands.
Cloud Computing: Storing unencrypted sensitive data with lax access controls leaves data stored in the cloud vulnerable to improper disclosure. With the growing amount of organizations and people using cloud computers, it’s more important now than ever before to protect your information against hackers.
Mobile Devices: Mobile devices carrying sensitive data can be lost or stolen, possibly causing data to fall into the wrong hands.
Availability Attacks: Availability attacks are structured cyberattacks to extort or damage companies whose websites or online assets are a major source of revenue.
Advanced Persistent Threats (APT): The goal of an APT isn’t to corrupt files or tamper, but to steal data as it continues to come in. Hackers attack computer systems while avoiding detection and harvesting valuable information over a long period of time.
Third Parties / Service Providers: Third-party networks may be used by other external cybercriminals as an initial access point into a company’s network.
Non-Technical Vulnerabilities – Why is it a threat?
Remember that data security isn’t only an electronic issue. Non-technical threats can affect your business, too.
Physical: Theft, tampering, snooping, sabotage, vandalism, local device access, and assault can lead to a loss of data or information.
Environmental: Natural events such as tornadoes, power loss, fires, and floods pose hazards to the infrastructure in which data assets are located.
Insider Threat: Employees, contractors, or partners can commit fraud, espionage or theft of intellectual property.
Social Media: Employees often fall victim to scams or reveal information not intended for public knowledge on social media.
Dumpster Diving: Improper disposal of sensitive data could lead to improper disclosures and sensitive information just sitting in trash bins. Having internal procedures when disposing of sensitive documents is crucial in preventing this kind of a non-technical vulnerability.
Social Engineering: Attackers rely heavily on human interaction to gain access to company networks or systems, usually tricking users into breaking normal security procedures and revealing their account credentials.
Cyber Liability Insurance
Every passing day is another opportunity for thieves to get their hands on the sensitive information you hold for your customers and employees. To learn more about how to best protect your business, check out the extensive library of tips in our Data Security blog series.
Even with the right preventive measures in place, no one is 100-percent safe from these threats. Cyber liability insurance is critical to protect your business with the power to recover in the event of a breach. To discuss the details of cyber liability coverage, get in touch with your local Society agent.