


How Executives Can Prevent Data Breaches

By News

When the total average cost of a data breach is $3.86 million, preventable problems are not acceptable. Here's how to mitigate the risk.

This article was originally featured in Hackernoon.

Data breaches are so much a part of our way of life that we barely bat an eye any more when another company gets their data stolen. In fact, some publication or another has called every year since 2005 the “year of the data breach”. Every year there are multiple new high-profile thefts of consumer data, and a lot of them are preventable.

Equifax’s 2017 data breach is one of the best-known, and it stemmed from one of the dumbest possible reasons: not keeping up to date with patches. There are multitudes of basic, preventable problems that have caused huge data breaches: sequential user IDs in plaintext, plaintext password storage, transaction logs that don’t check balance on every transaction — the list goes on and on…

When the total average cost of a data breach is $3.86 million, preventable problems are not acceptable.

But data breaches are preventable, and as an executive you have the responsibility to make sure they don’t happen. Here’s how you can mitigate the risk.

1. Get Your Staffing Right

Equifax’s data breach was particularly egregious for a few reasons. One was the scope of the breach, with 143 million people put at risk. Another was their chief security officer being a music major with no known credentials in security.

A company of that size putting their trust in someone who had no credentials in the field is unfathomable. For patching to go undone for that long is also unfathomable, given that the patch that would have fixed the security hole had been available for months.

This could have been fixed with proper staffing. Getting the right people in the right positions is key in any organization, but in an organization that’s responsible for this much user data, it’s absolutely crucial. Make sure those key security positions are locked down.

2. Make Sure There’s Accountability In Place

When two-thirds of CEOs have organizational control over IT and 60 percent have control of the IT budget, the buck stops at the top desk.

Creating a culture of accountability starts at the top. You can’t get into a checklist mentality — once you’ve got your security checklists done, you still can’t rest. A properly-motivated staff looks for other ways to safeguard against things like zero day exploits and other possibilities that won’t show up on a checklist. Even if you’re trying to be GDPR-compliant, it will help — but there are things that won’t show up if that’s all you do.

Accountability starts with the C-suite. Are you empowering the right people to make decisions in the department? Giving them the budget they need? Holding them accountable for breaches and helping them create a better infrastructure?

As Ashley Leonard, CEO of Syxsense, told me in an email, “When it comes to an IT department, it’s important to give them the tools and people they need to do their job. Otherwise, when mistakes happen, the responsibility lies with the C-suite and not the people on the ground. Automatic solutions for patching, innovative employees that come up with possible vectors of invasion, pen testing … all those things go into creating a strategy that keeps your company safe.”

3. Educate Your Employees

This doesn’t just apply to IT. It’s important for every level of a company.

Kaspersky Labs notes that “The vast majority of data breaches are caused by stolen or weak credentials. If malicious actors have your username and password combination, they have an open door into your network. Because most people reuse passwords, cyber criminals can gain entrance to email, websites, bank accounts, and other sources of PII or financial information.”

Make sure you’re keeping your employees up to date with common phishing strategies and testing them periodically to make sure they’re on top of it. Rotate passwords frequently, even if they grumble. It’s important to make sure they don’t unwittingly open your network to attack, and that starts with proper education.

Phishing is one of the most common routes of attack for both personal identity theft and corporate data theft. It’s also getting harder to detect as groups start to use multiple redirects to obfuscate URLs. If you can stop at least the very common methods, you’ll be a lot safer.

4. Stop Data Breaches Before They Happen

Not every breach can be stopped, but it’s absolutely key that you do everything you can to keep them from happening. Data breaches are on the rise across the United States and the world. As more information makes its way onto the Internet, there are more and more ways for us to have our identities compromised and more companies that have our personal information to steal.

You can’t prevent every incursion, but what you can do is harden your perimeter. Make sure you’re not leaving holes in your security through negligence or starving your IT department of resources. Establish a culture of accountability, hire the right people, educate your employees, devote the proper resources to staying patched and secure, and you’ll be able to stop most attacks before they happen.

Equifax Hack – What To Do Now

By News

Three Steps To Protect Yourself and Your Company

Earlier this month we learned that criminals gained access to certain files in Equifax’s system from mid-May to July by exploiting a weak point in website software.

The big lesson here: Prepare yourself; this will happen again. You should already assume you are affected by the Equifax hack, just to be safe. Here are three steps you should take to protect yourself.

It is becoming increasingly difficult for companies to protect online data. To prevent a catastrophe, it’s important to implement rigorous patch management methods.

Updates should be tested and deployed in a safe, but rapid fashion. Reports and audit logs should also be provided to track the status of any tasks or view any systems that have been improperly accessed.

Syxsense is the solution for managing your IT environment. Our content is thoroughly tested, so you can rely on a smooth deployment. Our reports and audit logs are detailed, so you won’t miss any critical information. With two-factor authentication and 2048-bit encryption, you won’t have to worry about your IT tool being a weak point.

Secure your environment and discover a better way to manage with Syxsense.


Breaking Patch News: Zero-Day Flaw

By News, Patch Tuesday

Patch Now: Microsoft Fixes Zero-Day Flaw

Two major security flaws were addressed in the latest Patch Tuesday update. The first was a zero-day vulnerability that is currently being used in attacks against Russian-speaking users. The second is a response to the new BlueBorne exploit that targets Bluetooth devices.

If you’ve deployed the Patch Tuesday updates for September, you already have these updates. However, if you haven’t already done so, we strongly urge you to make this your top priority.

We know Microsoft’s Patch Tuesday bundle can be a real pain and kill your day, but that’s where Syxsense can help. With our maintenance windows and patch queries, you can set automatic tasks to deploy Patch Tuesday Updates every month they are released and schedule them around business hours.

It’s important to avoid a loss of productivity, but it’s also critical to keep your systems free of vulnerabilities by patching. Syxsense allows you to do both. There’s no excuse for not patching your systems and great risk with waiting to deploy updates.

Equifax Should Have Patched

Another reason to keep up to date on patches: breaches like Equifax. It seems they have tracked down the source of the security breach, a flaw in the Apache Struts Web Framework. This vulnerability was revealed back in March and has an update that fixes it.

It seems this isn’t the end of Equifax’s incompetence, but only the beginning. An unrelated discovery found that Equifax’s Argentinian website had its administrator username and password set to admin/admin. There are no words for how foolish this is.

This is one of the three major agencies charged with tracking our financial lives. It’s important that punishment comes and safeguards are put in place so that something like this never happens again.

To protect and patch your environments, start a trial of Syxsense today.
