IT-specialist NAS Broker: reviews and tips on how not to lose company data

Companies that develop their business should have a clear strategy. Plan of action, according to which they will move on. In this case, you need to protect the information of the company, so as not to take two steps back, or even more. And if the firm has managed to show itself to people, then there will certainly be people who want to spite her by stealing important information. In this article, the information security specialist NAS Broker will talk about the pitfalls.

Previously, the main purpose of the theft was the material component. Now these companies bear more value. This especially applies to banks, insurance organizations and management enterprises.

Threat sources

Any company in the office has computers with internet access. But few have protection, and attackers use it, using malicious software. It is worth remembering about the human factor, which is sometimes out of place. Below it, we mean mistakes that employees of the company may allow. In addition to these reasons, there are others:

• Unstable operation of devices.
• Open cheating.
• Distortion of documentation.
• Theft, forgery.
• "Bookmarks".

Sources of threat can be both external and internal. The last is the company's employees. External - people who do not belong to the firm.

Separately talk about IT-criminals. They use different methods, time after time pulling the trump cards from the deck. But most often they change part of the information in messages that are addressed to the company, or interfere with the transfer. They can also blackmail the company's employees. Everywhere there are people who will be manipulated.

If we talk about programs, then they use:

• Trojan worms.
• Viruses.
• "Archivers" and pseudo accelerators of data processing. It is clear that the information is given by the employee of the firm, without realizing it.
• "Bookmarks" in which there are malicious programs.

Statistics Center

In 2014, SafeNet company posted a report on hacking networks of organizations.

According to the company, only in the first months of 2014, cybercriminals stole more than 200 million records. They had information about both firms and customers. However, only 1% of the data from this number was encrypted. And this means that about 200 million entries can be used by intruders for their own purposes.

Also, SafeNet provided statistics on the types of information leakage. In 25% of the cases there was no theft - the data fell into the network due to errors of employees. 61% - the usual hacking, when hackers penetrated the company's network through the Internet. In 11% of cases, intruders used an insider. Either they bribed the workers' company, or they introduced their own. By the way, this method brought 52% of the stolen data from the total volume. And only in 1% of cases the network was hacked by socially active hackers. But not for stealing data, but for personal reasons.

South Korean bureau, whose reputation is darker than dystopia

The "winner" of this race is a credit bureau from South Korea. From the network of this company, 104 million records were stolen. In this number, there were card data of 20 million Koreans. For a minute, there are 50 million people in Korea. The bureau encrypted the data, but only from the Internet. And the attacker appeared in the office under the guise of a support specialist. All he did was insert a USB flash drive into the computer containing the database. "Bureau" got lost "- the negative appeared right away. A curtain.

Enough to understand the problem.

How to protect information? More from NAS Broker: reviews and lifhaki

In order to protect the organization from hacking, you need:

• Formulate a security policy and keep a report on the protection of information.
• Use technical means.

Do not think that the second point is the basis. In large companies, 70% of the effort and time is spent on fulfilling the first.

And now we turn to the means of information protection.

. Firewalls . Thanks to them, the networks are separated. Because of this, users are less likely to violate. The current firewalls are easy to manage and multifunctional.

. Antivirus protection of data . The efforts of antivirus manufacturers are aimed at protecting corporate networks. Systems that are in antivirus programs protect proxy servers, mail gateways, workstations. This means that the attackers will not have access to the company's network. It is recommended that you use at least two antivirus programs.

. Systems for detecting attacks . They are closely related to malware blocking devices. Such systems accentuate the administrator's attention only when the company faces significant damage.

. Access control . In order to exclude the possibility of the theft of data by the employee, the companies automate management and differentiate access to employees, according to their functionality. Simply put, a staff member can not see the director's reports. Steal, too. For him there are none.

It is not enough to protect data from the Internet. It is necessary to make so that the data on the company could not be stolen by anybody. Neither from the network, nor inside it. Even Anonymus.