And Antivirus | Thinking Outside The Firewall
HOW DO YOU SECURE your data? Most would respond that their firm has a firewall and antivirus system in place to combat a wide range of threats. This is routinely the response from non-IT staff, IT managers and sometimes even a few IT security specialists.
Personally, I would be foolish to argue against protecting your firm from cyber threats. The reality is, these attacks – trojans, worms, viruses, DoS (denial of service) and hackers – are a big threat. But they are by no means the only security threats facing companies, which is why it’s so critical for businesses to think outside the box.
There are other major threats that get less publicity – primarily because the media have an obsession with “evil” hackers and love to print “sexy” stories about companies being hacked into by criminal gangs or state-sponsored groups.
Let’s get physical
Instead, think physical: that is, physical devices being used to steal data – or, more often, kit being left on trains or even stolen from employees’ homes.
Many companies spend thousands or even tens of thousands (though many more don’t) on high-tech security such as retina scanners, biometrics, firewalls, antivirus scanners, 12-foot fences and multi-factor authentication, but fail where it counts most: human error and physical assets.
Paradoxically, advanced security software can often lead to a sloppy attitude towards security among staff, but as the old saying goes, “security is only as strong as its weakest link.” High-tech security can only go so far, and the problem is that you cannot buy a firewall and antivirus system for human beings. Research from Data Defender found that 64% of UK workers have received no training on IT security issues, including avoidance of malware and loss of sensitive data.
Perhaps more worrying is new research showing that one third of all SME closures are due to human error. There is no point in spending tens of thousands or even more and forgetting the most critical part: staff training. Intrusions and data leaks often have a human element to them. A member of staff might send credit card numbers by email, which ends up being hacked into or intercepted. Or a member of staff might open a dodgy email that installs a trojan horse on the network, thus bypassing high-tech security and opening an unauthorised hole into the network.
Then there are USB pen drives, along with USB hard drives, and optical media such as CDs and DVDs, even though CDs and DVDs are slowly going out of fashion for data transfer. A firewall offers some protection from remote hackers trying to pull data from inside a network. But what about data that is moving around electronically or physically? Once data has left your four walls it is vulnerable, hard to stop and hard to protect unless you have a system in place.
Many companies within the UK have no device control around removable media, or they might simply have a policy stating that no USB devices are allowed. It is all very well having such a policy but, as we know, “rules are meant to be broken”. USB devices pose three problems: data loss, data being carried out and malware spreading. A few years ago malware was the biggest and most talked-about risk, but these days it’s really data leakage.
You wouldn’t, or shouldn’t, leave highly confidential client financial papers lying around on your office desk or at home, or leave them next to you in a train carriage. A USB pen drive is really the same, but because it’s digital people do not think about it as much.
You have USBs?
An open USB policy is a really bad idea given that thousands of USB drives are lost every year. Three options exist for USB control. You can issue a policy stating they are banned, or use port-blocking software. Another option is to supply every staff member with a secure USB drive. Alternatively, you can invest in automated software to encrypt and audit data written to USB devices. If you are a large firm then option three might be a good idea, given that it locks down data written to USB devices along with CDs and DVDs.
Laptops are another common source of data leakage. Recently the public sector, primarily councils and the NHS, has been fined for lost laptops. The common myth is that the Windows login prompt offers ample protection, but it is no match for a skilled IT professional and can be broken into in minutes. The Information Commissioner’s Office (ICO) now recommends that all laptops have full disk encryption installed, along with encryption on removable media.
Finally, one of the most dangerous attacks is social engineering. People are brought up to be kind and willing to help, and these are traits that can easily be exploited. Social engineering (social as in social skills and engineering as in to engineer an attack) comes in three forms: on the phone, in person or by email.
Do your staff identify people by phone or in person? The reality is, probably not. Don a FedEx uniform, bring paperwork and a package and turn up at an office; 9 times out of 10 no one would question the individual. The reason being, they fit the picture.
Another example is someone posing as an executive on the phone: “Hello, I was wondering if you could help me. I am working on an important project for a shareholder meeting tomorrow and I need a report urgently. It’s for my boss, John, the MD.” Due to urgency, fear and seniority, it is likely the staff member would hand over the report or password. Training is the only answer to combat social engineering attacks.
Graeme Batsman is a director at Data Defender