
By Jared Humiston
Maintaining a secure business is no
small task. With so much demand on everyone’s
time it becomes easy to overlook the
small details that protect your business.
This task should never fall on one person’s
shoulders but rather on the organization
as a whole. Here are some helpful tips to
keep your organization secure.
It is widely believed that anti-virus,
a firewall, complex passwords and some
web content filtering software will keep
you safe and secure. While these are all
critical components of keeping data secure,
these are only part of the equation
that is security. Law enforcement experts
estimate that 50 percent of breaches result
from employees misusing access privileges,
whether maliciously or unwittingly.
You have to be conscientious about both
internal and external threats. Users with
elevated privileges can accidentally delete
data that causes harm to the organization.
These acts do not have to be intentional
to be harmful. Periodically review who
has access to what information. We come
across a lot of situations where all company
data is put into one folder and shared
out. This gives users access to files that
should remain confidential.
Another area of security that is often
overlooked is training the “human firewall.”
Most spyware is the direct result
of user behavior. This could be using
Facebook, checking personal e-mails,
instant messaging programs and other
user/employee provided devices. Having a
policy, plan and/or solution in place to
address these areas is necessary in any
sized organization.
Educating and training your employees
on the dangers of these behaviors can help
the user identify a potential threat before
clicking. A way that an employee can commonly
be socially engineered is outlined in
the following example: A person comes
in for an interview and asks the front
desk person to take this USB stick and
print out the file called resume real quick
because they were running late because
their kid was sick.
Your employee wants to help, so they
plug it in, pull up the resume and print
it out and hand it to the interviewee and
they are delighted. The person goes into
the interview, comes out, says thanks
and that’s that. What the employee did
not know is that the USB stick contained
malicious code that will log all of their
keystrokes and send them to the attacker.
It will gather passwords and could even
provide a backdoor into the network. If
a policy had been in place to never accept a
device from non-employees, or had a device
control application been in place, this
could have been prevented. The employee
is as vulnerable as the desktop or laptop.
You see, security is a layered approach
and it is different for every organization.
Not to beat analogies to death in this article
but this analogy describes security
in layman’s terms. When you go to bed at
night, you would never leave your front
door wide open and lock just your bedroom.
This would allow the would-be attackers/
hackers free access to your house. Normally,
you lock all the doors and may
even have a bolt to provide extra security.
Closing these doors provides another barrier
for them to have to break down to gain
access. Hearing the racket will prompt you
to call police. They now have to break down
a secondary bedroom door.
Having two doors should provide time
for the police to show up and thwart
the attacker or eliminate the threat
altogether. If you are running out of time,
you have a secondary escape route out the
window. Without these secondary measures
in place, something much worse could
have happened. The same applies in your
business environment. You want to have a
plan of action on how to prevent attackers
from gaining access to your network and be
prepared, if they do, to respond properly
to eliminate the damage to your
files and reputation.
Security does not come prepackaged,
it is tailored to each and every network
environment, large or small. It includes
every member of the organization to ensure
that your business is safe. Firewalls are
good until someone initiates a download.
Web content filtering is good except for
when someone forgets to apply a policy.
This is why you scratch your head at night
wondering why one of your users was down
half the day because of a virus when you
paid for anti-virus and a firewall.
Humiston is president of Adirondack
Technical Solutions in Argyle.