By Jared Humiston<\/p>\n
Maintaining a secure business is no small
\ntask. With so much demand on everyone’s time
\nit becomes easy to overlook the small details
\nthat protect your business. This task should
\nnever fall on one person’s shoulders but rather
\non the organization as a whole. Here are some
\nhelpful tips to keep your organization secure.<\/p>\n
It is widely believed that anti-virus, a
\nfirewall, complex passwords and some web
\ncontent filtering software will keep you safe
\na secure. While these are all critical components
\nof keeping data secure, these are only
\npart of the equation that is security. Law
\nenforcement experts estimate that 50 percent
\nof breaches result from employees misusing
\naccess privileges, whether maliciously for
\nunwittingly.<\/p>\n
You have to be as conscientious about
\nboth internal and external threats. User with
\nelevated privileges can accidentally delete
\ndata that causes harm to the organization.<\/p>\n
These acts do not have to be intentional to
\nbe harmful. Periodically reviewing who has
\naccess to what information. We come across
\na lot of situations where all company data
\nis put into one folder and shared out. This
\ngives users access to files that should remain
\nconfidential.<\/p>\n
Another area of security that is often over
\nlooked is training the “human firewall.” Most
\nspyware is the direct result of user behavior.<\/p>\n
This could be using Facebook, checking personal
\ne-mails, instant messaging programs
\nand other user\/employee provided devices.
\nHave a policy, plan and\/or solution in place to
\naddress these areas is necessary in any sized
\norganization.<\/p>\n
Educating and training your employees on
\nthe dangers of these behaviors can help the
\nuser identify a potential threat before clicking.
\nA way that an employee can commonly
\nbe socially engineered is outlined in the following
\nexample: If a person comes in for an
\ninterview and they ask the front desk person
\nto take this USB stick and print out the file
\ncalled resume real quick because they were
\nrunning late because their kid was sick.<\/p>\n
Your employee wants to help, so they plug
\nit in, pull up the resume and print it out
\nand hand it to the interviewee and they are
\ndelighted. The person goes into the interview
\nand comes out says thanks and that’s that.
\nWhat the employee did not know is that the
\nUSB stick contained malicious code that will log all of their keystrokes and send them to
\nthe attacker. It will gather passwords and
\ncould even provide a backdoor into the network.<\/p>\n
If a policy was in place to never accept
\na devise from non-employees or had a device
\ncontrol application been in place, this could
\nhave been prevented. The employee is as
\nvulnerable as the desktop or laptop.<\/p>\n
You see security is a layered approach and
\nit is different for every organization. Not to
\nbeat analogies to death in this article but this
\nanalogy describes security in laymen’s terms.
\nWhen you go to bed at night, you would never
\nleave your front door wide open and lock just
\nyour bedroom.<\/p>\n
This would allow the would be attackers\\
\nhackers free access to your house. Normally,
\nyou lock the all the doors and may even have
\na bolt to provide extra security. Closing these
\ndoors provides another barrier for them to
\nhave to break down to gain access. Hearing
\nthe racket will prompt you to call police.<\/p>\n
They now have to break down a secondary
\nbed room door.
\nHaving two doors should provide time for
\nthe police to show up and thwart off the attacker
\nor eliminate the threat all together.
\nIf you are running out of time, you have a
\nsecondary escape route out the window.<\/p>\n
Without these secondary measures in place,
\nsomething much worse could have happened.
\nThe same applies in your business environment.
\nYou want to have a plan of action on
\nhow to prevent attackers from gaining access
\nto your network and be prepared for if they do
\nand how to properly respond to eliminate the
\ndamage to your files and reputation.<\/p>\n
Security does not come prepackaged, it is
\ntailored to each and every network environment,
\nlarge or small. It includes every member
\nof the organization to ensure that your business
\nis safe. Firewalls are good until someone
\ninitiates a download. Web content filtering is
\ngood except for when a policy is forgotten to
\nbe applied. The “human firewall” may know
\nthat the .zip file from an unknown source in
\ntheir personal Yahoo e-mail should not be
\nviewed at work because they were trained
\nproperly.<\/p>\n
This is why you scratch your head at night
\nwondering why one of your users was down
\nhalf the day because of a virus when you paid
\nfor anti-virus and a firewall.<\/p>\n
Humiston is president of Adirondack
\nTechnical Solutions in Argyle.<\/p>\n","protected":false},"excerpt":{"rendered":"
By Jared Humiston Maintaining a secure business is no small task. With so much demand on everyone’s time it becomes easy to overlook the small details that protect your business. This task should never fall on one person’s shoulders…<\/p>\n","protected":false},"author":121,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[58],"class_list":["post-15483","post","type-post","status-publish","format-standard","hentry","category-business-reports","tag-business-reports"],"yoast_head":"\r\n