6 Common-Sense Security Measures Every Business Should Adopt
December 27, 2012 8:45 AM
Beware threats from both within and without; protect employee privacy; secure your networks via education
Today's workplace is a massive nightmare for information technology folks when it comes to security. But by emphasizing consistent, workplace-wide policies and by enforcing reasonable access limits, a company safeguard itself against both internal and external data loss.
Let's discuss a few keys to maintaining a secure workplace.
1. Rule BYOD, don't let BYOD rule you
Most businesses are going to let employees bring their own devices (laptops, tablets, etc.) to do work with. But holding seminars on how to keep private and workplace data is crucial.
must be managed with a clear and consistent policy, with well-defined limits to prevent your IT employees from accessing personal data.
BYOD can save costs, but poses unique privacy and security risks.
[Image Source: Andrew Hinderaker]
That way if employees do choose to bring devices and their privacy is violated, the liability will lie not with your management, but on the staff member who violated that trust. Likewise, if the employee engages in inappropriate behavior (say viewing adult videos at work) you'll have the analytics to challenge them as necessary.
2. Ban USBs, CD Burning; go to an Internal Cloud
An internal cloud is a much more secure solution than allowing employees to share and transfer files via physical media such as USB sticks or CDs. Not only can such media
, but it can also be used by a malicious employee or person posing as an employee to steal valuable trade secrets from your firm.
If your private cloud is properly designed and firewalled from the external world, it not only will allow you employees to share information more easily, it will also cut off a major source of data loss.
Banning physical media
is a smart idea and easy to do with today's technology.
3. Adopt the Latest Software
Still kicking around Internet Explorer 7? Kicking it with Windows XP? Quit it.
Old software is a security risk. If it is patched, it is often patched at a sordidly slow pace. And there's typically a lot of it lingering around here and there, so inevitably it's a highly attractive target for malware authors.
We know you loved Windows XP, but it may be time to move on. [Image Source: Microsoft]
While few businesses have the need or resources to upgrade with every single release of Windows and every single new browser release, many should put a bit more effort into staying up to date. And if you're testing software for older browsers or other older platforms with inherent security risks, be sure to isolate them from your other networks. Just ask Google Inc. (
) which saw
IE 7 test machines exploited by Chinese hackers
to steal data off its network.
Huge security risk, enough said.
5. Enforce Passphrase Use, Use Strong Hashing
Hold an employee seminar and explain how you can make a sentence into a password. A 30 or 40 character long password is very hard to break even with modern GPUs.
Like the sound of that? Do one better by also securely backing the password with the
most modern hashing algorithms
like SHA-256 or SHA-512. Combined these two techniques will make it virtually impossible to brute force your passwords.
6. Hold Education Seminars on Phishing, Spear-Phishing
Phishing -- sending malicious links inside innocent-looking email messages -- is a huge security risk for every company. Even the best password won't protect you if you go giving it to the wrong web-form. Teach your employees to watch their url bar in their browser and to avoid clicking on email links to access a site, unless they really trust them.
Beware spear-phishing, lest it compromise your employees who hold the most valuable files.
[Image Source: FBI (modifications: Jason Mick/DailyTech LLC)]
Special care should be taken to prevent
-- attempts to target specific high profile catches, such as a CEO/CTO/CFO's login information. You executives may moan and groan, but they're far to valuable to let them fall for such ploys.
Special screening of executive email can help cut down on spear-phishing threats as well. While staff obviously can't hand-screen every email message, it is practical to screen high-level management's messages for clear fraud/spam attempts.
Again a clear-cut policy to protect privacy must be enforced here, to prevent unfortunate incidents.
Following those 6 principles will take some work, but it will be worth it. After all, your firm is only worth as much as its security.
"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken
Microsoft Raises Its Licensing Fees to Cash in on Bring-Your-Own-Device
November 27, 2012, 11:35 AM
"High Roller" Hacker Attack is Stealing Hundreds of Millions From the Rich
June 26, 2012, 3:13 PM
Bitcoin Giant Mt. Gox Promises to Change Post-Hack
June 22, 2011, 2:21 PM
Future is Uncertain for Popular .ly Domain
April 15, 2011, 8:03 AM
CDs, DVDs, Thumb-Drives Banned from SIPRNET Under Threat of Court-Martial
December 13, 2010, 12:33 PM
Not All the High-Tech Jobs Are in California
August 4, 2016, 8:29 PM
Google's Gleaming Glass HQ Gets Mountain View Snub, LinkedIn Gets the Love
May 7, 2015, 6:58 AM
Tech's Tax Day Fortunate Few: Qualcomm, Xerox, GE, et al. Pay Little or No Taxes
April 15, 2015, 11:30 AM
LinkNYC Terminals to Blanket New York City With Free WiFi, Free Calls, and Ads
November 17, 2014, 6:50 PM
Microsoft is Open-Sourcing Most of .NET, Adding OS X and Linux Support
November 12, 2014, 8:27 PM
Home Depot Lost 53 Million Emails, Blames Windows, Buys Execs New Macs
November 9, 2014, 5:00 PM
Most Popular Articles
Surface Pro 5 Rumors - New Release Date and Price
April 22, 2017, 6:45 AM
SAPPHIRE PULSE Radeon RX 580 8GD5 – Great Value for the Money
April 20, 2017, 7:47 AM
Dell Inspiron 17 7000 – A Premium Laptop featuring 7th Gen Intel Core i7 in a 2-in-1 Frame.
April 19, 2017, 7:45 AM
Tesla will announce electric lorry in September
April 19, 2017, 6:20 AM
Meet the Smartphone with four cameras - Alcatel Flashphone
April 5, 2017, 11:20 AM
Latest Blog Posts
Google Co-Founder, Sergey Brin has an Airship
Apr 26, 2017, 6:43 AM
Samsung Galaxy S8 and S8 Plus – Lots of Glass that Breaks Easily
Apr 25, 2017, 7:20 AM
Samsung Galaxy S8 – Warning for Pet Owners
Apr 24, 2017, 5:59 AM
Sound Bars and the Costs?
Apr 23, 2017, 6:30 AM
Link your Brain to Your Computer – In Four Years…Maybe
Apr 22, 2017, 7:03 AM
Google Home can now identify users by their voice.
Apr 21, 2017, 7:15 AM
Amazon Lex – Now Available for Developers.
Apr 20, 2017, 6:58 AM
You can now use Instagram offline on your Android Smartphone
Apr 19, 2017, 8:00 AM
Now you can livestream to YouTube from your mobile device.
Apr 18, 2017, 8:05 AM
Google Home – Is It a Spy Device?
Apr 17, 2017, 7:30 AM
Apple added to self –driving test permit list
Apr 15, 2017, 6:21 AM
Project Scorpio – Coming on June 11
Apr 14, 2017, 6:20 AM
Looks Like Samsung Has Been Forgiven.
Apr 13, 2017, 6:50 AM
United Airlines - Blasted on China’s Social Network and the Stock Market
Apr 12, 2017, 6:50 AM
Amazon's Third-Party Sellers Hacked
Apr 11, 2017, 6:25 AM
Microsoft Surface Pro5 Details Revealed
Apr 9, 2017, 6:41 AM
Own An Android Phone? Then you could be hacked over Wi-FI
Apr 7, 2017, 6:47 AM
Apple confirms iOS 10.3 bug and its effect on iCloud Services
Apr 6, 2017, 6:30 AM
Apple Rolls Out New Version of Apple Music
Apr 5, 2017, 10:35 AM
Apple in the News
Apr 4, 2017, 9:03 AM
Apple iPhones Will Soon Feature Graphics Chips Designed BY Apple
Apr 3, 2017, 6:23 AM
More Blog Posts
Copyright 2017 DailyTech LLC. -
Terms, Conditions & Privacy Information