Cooperation With Gray Market Providers
Gray market providers offer solutions outside the legal distribution channels. Nevertheless, some companies opt for these solutions because they are particularly cheap in most cases. However, the problem with gray market providers is that they do not own the source code. This creates two risks for companies. Firstly, the gray market provider’s lack of product know-how could lead to configurations that leave the data unprotected. Secondly, since the product is distributed outside of the legal distribution channels, the software is not updated as necessary.
Use Of Legacy Unpatched Solutions
Product updates and patches are required to fix security vulnerabilities. If this is not done, backdoor access (alternative access to software that bypasses access protection) to data may be possible.
Working With Suppliers Who Don’t Take Data Protection Very Seriously
Regardless of whether companies work with external consultants or service providers, they should know exactly how the external company protects data. Before entering into a contract, clients should ask specific questions to gain a thorough understanding of security practices and incorporate security-related agreements directly into the contracts.
Lack Of Employee Training
People are often still the biggest weak point: employees create weak passwords and do not always use the most secure network. Professional training can help create awareness of dangerous situations. Hacker concepts such as social engineering and phishing attacks should be familiar to everyone. Especially now that the majority of employees are working from home, mobile employees should ensure that their personal networks are secure and use a VPN (Virtual Private Network) if possible.
No Clearly Defined Incident Response Processes
What happens if an incident does occur? The longer an incident lasts, the more data is at risk. In a global survey of IT managers by the OTRS Group, 40 percent stated that, above all, they need more clearly defined incident management processes in order to be able to deal more adequately with security breaches.
“There is no such thing as 100% security when managing data, but there are numerous protective measures,” says Jens Bothe, Director Global Consulting at OTRS AG and security expert. “Due to the increased work in the home office, we are exposed to a higher security risk, which can be reduced by following these five tips.”
Avoid Risky Cloud-Based Solution Providers
Moving to a cloud-based solution means giving up control of your environment in favor of flexibility and scalability. In today’s world where cyber threats are rampant, relinquishing that control can be a difficult decision. After all, your business’s stability and growth depend on the data you put out. You should therefore find out how this data is processed by the service provider.
12 Security Questions For Cloud-Based Service Providers
If you’re considering a cloud-based option for your business, take the time to ask your provider the following questions:
- Have you already experienced security breaches? What happened and what was done to prevent the incident from happening again? How is your security incident management organized?
- What certifications are there? How and when will you be checked for compliance?
- How is data encrypted during exchange? How is stored data encrypted? How often are keys changed or updated?
- What backup procedures are there? Are backups encrypted?
- Where is the data center located? Which procedures are implemented for the security of the data center? Access control? Fire protection? Measures against power failure?
- What authentication requirements have been introduced?
- Are logs kept? Who has access to these?
- What patch management processes do you have?
- How is data segmentation ensured?
- What are your monitoring procedures? What is the mitigation and notification process when attacks are identified?
- Are components of the service provided by third parties? If so, which ones, and what data protection efforts do they have in place?
- What happens to our data when the contract ends?