Endpoint Management for Company Security

A data breach at Nice Systems, a partner of Verizon’s, has exposed millions of customer records. Nice Systems is an Israeli company that facilitates customer service calls. The exposed records include phone numbers and account PINs for at least 14 million subscribers. The records were found on an unprotected Amazon S3 storage server that was controlled by an employee of Nice Systems.

Exposed were six folders that dated back to January of this year. Each folder held daily log files from customer phone calls. The records in these files included customers’ names, home and email addresses, the current balance of their accounts, and the Verizon services the customer subscribed to. The files also exposed customers’ PINs and if the customer had a Verizon federal government account. Nice Systems was using the database to log customer data. The worry for customers is that if hackers have access to their account PINs, then they have access to their subscriber account.

The majority of Nice Systems’ customers are on the Fortune 100 list. The company has over 25,000 customers in 150 countries. The security researcher who discovered the data breach notified Verizon of the security risk on June 13th, but Verizon didn’t protect the data until a week later.

Verizon says it is currently investigating how customer data was improperly stored on the Amazon Web Services server. Verizon says that the only person who was able to access the cloud storage area other than an employee of Verizon or Nice Systems was the security researcher who discovered the vulnerability.

Companies can take extensive measures to protect their networks and data, but they will never fully know how seriously their partners take cybersecurity. Companies need to make sure that their partners prioritize securing customer and company data. Companies should also make sure that they are reliable enough for other organizations to partner with. Below are a few steps that companies can take to secure their data from hackers:

  1. Encrypt data: Data encryption adds an extra layer of security for unauthorized users and hackers to try to get past. By encrypting data, companies can also guarantee that data integrity if an unauthorized user does manage to access it.
  2. Limiting user access: By limiting user access to data, companies can reduce the chances of someone without the proper security clearance accessing confidential documents. Companies can also use partitions to block lower-level employees from accessing data that’s sensitive to the company.
  3. Timely remediation: The longer a security vulnerability goes unfixed, the more of a chance there is for hackers to exploit that vulnerability. Endpoint security software that integrates with incident response processes allows companies to remediate issues almost immediately. Timeliness ensures that hackers won’t have a window of opportunity to compromise company data.
  4. Regular inspection: By regularly inspecting every aspect of endpoint assets, companies can prevent unauthorized software and malware from going unnoticed. Companies should also inspect networks for malware to ensure that cyber threats aren’t going undetected.
  5. Follow best practice standards: Best practice standards such as CIS Benchmarks, DISA STIGs and NIST can help companies and organizations remain compliant with industry standards. These best practice standards are designed to help organizations safe from cyber threats. By using an endpoint security software that aligns with best practice standards, IT teams can easily determine overall endpoint risk.

The data breach at Nice Systems and Verizon demonstrates that even secure companies can be exposed by their partners. With vulnerability audits and continuous monitoring, companies can readily uncover gaps in their security. Companies should use endpoint security software to quickly remediate any lapses in security, ensuring that hackers don’t have a chance to exploit vulnerabilities.