Posts tagged network security
In many companies around the country, there is a growing disconnect between the IT department and other organizational departments, especially with regard to current technology used by the company. Part of this disconnect is due to natural causes, since the language spoken by IT personnel is often quite different from normal business jargon, but in other cases, non-IT personnel simply prefer to seek solutions on their own.
This represents a clear communications breakdown which can lead to a number of security vulnerabilities, and some serious errors as well. As a manager of an organization, it is incumbent upon you to bring these two groups of people together, so that possible security breaches can be avoided, and all company personnel can work together toward the accomplishment of business objectives.
The Millennial Mentality
Millennials at your place of business have all grown up in a world which was tightly connected by the Internet, and for all of them, finding answers to any questions they had has been a simple matter of just Googling for it. This has fostered the kind of mentality which is characterized by reliance on themselves, when it’s necessary to find out any kind of tech-related information.
While this is admirable up to a point, it can definitely cause problems for your company, because any information learned through generic searches will provide generic answers, rather than information specific to your company. Making matters worse, most staff members today are now used to having the absolute latest in available technology, with their laptops being top-of-the-line and their smartphones being the very latest on the market.
Because of their dissatisfaction with the level of technology provided by IT, a number of staff people simply prefer to do their own information searches. This has also led many staffers to seek out apps which they need to handle certain business functions, and none of these apps will have gone through company security protocols.
Usage of Non-sanctioned Software
Because of the dissatisfaction with existing company technology, a number of young staffers commonly turn to apps which they discover online, and which will satisfy some business requirement they have. However, this can cause a number of security issues, especially if these apps are used to transmit or store business-critical data belonging to the company.
When some of the younger people in your organization feel that technology provided to them is inadequate, they can also develop a perception that the CIO is out of touch with the organization, and is unwilling to provide current technology. A serious vulnerability can develop in your company’s cyber security when some staff personnel begin to feel that the organization is unwilling to provide adequate IT support, and that’s how the usage of non-sanctioned software can slowly creep in.
Changing Staff Perception
In order to combat the prevailing sentiment described above, a firm commitment by management is necessary, so that IT policies are thoroughly explained to all staff members. People are always much more willing to accept decisions and policies which are explained to them, rather than being in the dark about matters, and simply being forced to accept any results of those decisions.
In this case, it should be clearly conveyed to staff members why there is a strong need to restrict information to authorized applications only, and what the consequences are of any kind of data breach. When your staff members understand exactly what the issues are, and how those issues will impact everyone in the company, including themselves, they should be more willing to accept any restrictions imposed.
On the other hand, if there is serious resistance to accepting company policies regarding technology and the restriction of various applications and software, it might be a good time for the CIO and other IT members to have a significant conversation with staff members. If there really are areas of deep inadequacy, this will be brought to light in a brainstorming session, and some avenues for possible remediation can be discussed.
The main thing to remember about all this is that there should be an honest and open discussion with staff members about why policies have been implemented, while at the same time understanding their complaints about potentially inadequate software or technology.
Training on New Technology
When new software is made available to staff members in your organization, it would be a terrific idea to hold training sessions for everyone, so they can quickly get up to speed on how to make best use of that new software. A good way to get the masses on board is to choose champions for the new technology, who can influence their fellow department members to embrace and excel in using the new software.
It’s extremely important to maintain good relations between the IT staff and all other non-IT departments, in order to accomplish company objectives. With this being the case, all possible efforts should be focused on establishing and maintaining good communications between the two groups, and if regularly scheduled meetings will help to accomplish that, that should definitely be a company goal.
Network Security on Your Home Computer
No matter how much time you spend on your work computer, your home computer contains some of your most important files. Our personal machines help manage our finances, social relationships, and professional lives, but we often don’t put as much effort into keeping them secure. Our computers contain a variety of personally identifiable information (PII), and it’s important to maintain sound computer and network security to protect your files.
Connecting Your Computer to a Secure Network
A network router is your first point of contact with the Internet. Don’t just rely on your ISP (Internet Service Provider) or cable modem to perform comprehensive security monitoring. An Internet connection starts with your modem, passes through your router, and then reaches your computer. Your router should be secure before connecting to the Internet.
Here are a few tips for maintaining network defense once you are connected to a secure network. First off, use a web browser with sandboxing capabilities. A sandbox is an isolated environment that mimics an entire computer system and is used to target suspicious programs and analyze potential threats.
Browsers with sandboxing capabilities are especially useful for recognizing advanced persistent threats (APTs). These APTs are designed to escape detection, break through conventional security barriers, and gain access to PII on your computer. Sandboxes help capture these viruses and clear them out.
When you own a business, you want to keep your home computers well-defended because any crossover information between work and personal machines, through email or messaging apps, can cause a data breach. A recent study found that 60% of small companies fail due to poor network security measures.
Sandboxing can be applied to a number of different programs, such as PDF readers. A common means for viruses to attack your computer is through embedded URLs, where malicious executables can gain entry via PDF files.
Keep Everything Up-To-Date
While this may seem self-explanatory, many malware attacks occur because personal computers are not as diligently updated as company devices. Make sure your computer has current versions of all software you run.
Updating programs like Microsoft Office to the 2007 version or a more current iteration is a good idea, since word-processing is a common function on home computers. Microsoft Office 2010 offers a “Protected View” that opens documents in read-only mode, which blocks any viruses embedded in unfamiliar files.
Many applications have a feature that enables automatic updates. Updating frequently is a good network security practice, since attackers typically exploit hosts that don’t have their software applications fully patched. Additionally, evaluate which programs you use most frequently and those you never seem to use. Do some research on the software you wish to delete, and determine if removing it is possible. Fewer applications on your computer workstation mean fewer channels for hackers.
Social Engineering and Phishing Attacks
Some of the most common attacks are executed through email. A social engineering attack uses human interaction to obtain sensitive information on computers with vulnerable network security. In these infected emails, a person can claim to be an employee, cleaning service, or someone else offering qualifications that would allow them to gather your confidential information.
Phishing tactics also use emails from attackers masquerading as reliable organizations to obtain personal details. Often, these phishers will take advantage of events in the news (e.g. fake natural disaster fundraisers) and holidays (e.g. Christmas shopping deal scams) to steal account information. They even go so far as to pose as reputable banks to issue fraudulent warnings, hoping that alarmed card holders will hand over their account credentials.
Keeping Your Home Computer Safe From Attacks
To avoid these attacks, install anti-virus and anti-spyware software, firewalls, or email applications that filter your inbox. Whenever you are asked for sensitive information such as your credit card number or even your birthday, verify that your information isn’t falling into the wrong hands.
If you suspect that you’ve received a phishing email, call the organization the message claims to be from. Use the contact info on the legitimate website, and ask about the email.
In general, don’t open unfamiliar links or messages with attachments, especially from email addresses not in your contacts. Also, find out how to build a strong password and employ those methods for all of your accounts. Secure and complex passwords should not only be used for WLANs but also for any devices at home and at work that use web interfaces (e.g. printers, self-automated light switch systems, etc.).
When it comes to protecting your personal information, there’s no such thing as taking too many precautions. At Geek-Aid, we specialize in every kind of cyber security. We all rely heavily on personal computers to manage many aspects of our lives, and keeping these devices secure is a top priority.