Corporates Still Behind in Enforcing Security Basics

October 16, 2014 | By Editor 

Summary

Security experts have warned that many corporates are still haemorrhaging sensitive information because of their failure to address basic security weaknesses including HTTPS conversion.

Security Basics

Companies Still Behind on Security Basics: Why, and What Is to Be Done

  • In a recent report, the Information Commissioner’s Office (ICO) identified the key areas of PC security that corporates frequently overlook.
  • These include failing to install software updates, failing to convert from HTTP to HTTPS, and storing information in easily accessible locations.
  • Another is using default passwords for content management systems (CMS), Wi-Fi routers, and databases.
  • When it comes to SQL injection vulnerabilities, the ICO recommends that corporates invest in independent testing of apps before they go live.
  • The independent authority also suggested that all passwords should be salted and hashed to make brute-force attacks less effective.
  • Also, corporates should have an immediate plan of action in case of a password breach.
  • Firms should use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for all data transfer to secure data in transit, and ensure that any services use a valid certificate.
  • The ICO also urged corporates to simplify their IT systems and reduce their exposure to risk by completely decommissioning any app or service that is no longer valid.
  • Periodic scanning of ports to check for unwanted services that may have been inadvertently enabled was also suggested by the ICO.
  • Money is not the answer to all the problems. Lucrative businesses have failed in the past owing to their poorly integrated IT systems and inadequate defenses.
  • Poorly integrated IT systems lead to the creation of blind spots, making it very hard to identify, monitor, and manage flaws across the company.
  • This is one of the reasons why age-old COBOL apps can still be infiltrated by hackers today as a way to gain access to the corporate infrastructure.
  • This is also why lost laptops or smartphones secured with a weak password still manage to strike fear into the hearts of IT top brass.

Conclusion

Software flaws across a corporate’s complex IT environment can number in the millions, while new flaws are discovered and new patches are released every day.

It can be really challenging for IT security experts to work out a consistent patching process, especially for business-critical systems. It is important to remember that sometimes a different employee or team is responsible for the patching process.
