Definitely one you won’t want to miss!
Sourced from our recent research activity, this is a MUST
read for all businesses of all shapes and sizes. We have summarised the key points of the
article and you can find the whole piece here:
http://www.theregister.co.uk/2013/10/21/data_security/
Your business, your users, your systems and your data all
have value to someone.
You could be targeted because you have something that
someone specifically wants, or because attackers are hoping to find bank
account details or email addresses to spam, or because they want your computer
power for a botnet.
Few companies have the luxury of being able to dedicate one
or more members of staff to security, but there are some easy layers of defence
that everyone should have in place.
Microsoft Windows 7 and below have this covered fairly well
with Microsoft Security Essentials for anti-virus needs and Windows Defender
for spyware. Windows 8 has Windows Defender built in and does both anti-virus
and anti-spyware.
One of the most common methods of getting something unwanted
is via an infected USB device. Blocking USB devices is of course a great line of
defence, but one which needs to be well managed with your staff.
Fear of phones
Mobile malware is the latest threat. Android phones are the
worst culprits. iPhones, Windows phones and BlackBerrys are much safer.
Enforcing PINs or passwords on devices is the
most basic level of protection and should be employed wherever possible.
Avoid using free services such as Dropbox – hacking is
easy.
The rogue user is another danger
area – the member of staff who leaves the company to work for a competitor and
still has arrangements in place for company-sensitive information to be emailed
to him. Similarly, there is the person who left but knew another person's password:
weeks after leaving the company he logged in via webmail and began abusing
staff.
Flashing red lights and sirens should be going off by
now! Policies prohibiting sharing
passwords with other staff members and a regular forced change of password help
to prevent these situations.
Beware the mafia
Ensuring user accounts are disabled as people walk out the
door for the last time is a very small price to pay to avoid a potential high
risk of damage.
It is also worth educating users with reminders and tips. It
is obvious to us, but a random email asking for their login details will often
have users happily clicking a link that goes to
"http://yourcompany.russianmafia.com" and entering their company
username and password.
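As an added illustration (not from the original article), the Python sketch below shows why the link quoted above is not a company address: a check that only looks for the company name anywhere in the URL accepts it, while a check on the hostname's ending does not. The domain `yourcompany.example`, the brand string and the sample message are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the organisation's real domain and brand name.
COMPANY_DOMAIN = "yourcompany.example"
BRAND = "yourcompany"

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def naive_is_company(url):
    """Weak check: trusts any URL that merely contains the brand name."""
    return BRAND in url.lower()


def classify_link(url):
    """Return 'company', 'lookalike' or 'external' based on the hostname only."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Trusted only if the host IS the company domain or ends with ".<company domain>".
    if host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN):
        return "company"
    # Brand name used as a label under someone else's domain.
    if BRAND in host:
        return "lookalike"
    return "external"


def scan_message(body):
    """Classify every http(s) link found in a message body."""
    return [(url, classify_link(url)) for url in URL_RE.findall(body)]


# Constructed sample message; the second link is the one quoted in the article.
SAMPLE = (
    "Your mailbox is full. Log in at https://webmail.yourcompany.example/ "
    "or confirm your password here: http://yourcompany.russianmafia.com/login "
    "Help: https://support.vendor.example/kb"
)

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE):
        print(f"{verdict:10} naive_ok={naive_is_company(url)}  {url}")
```

The part of a hostname that decides who owns it is the right-hand end, which is the habit worth teaching users when they hover over a link.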
An attacker who has targeted a staff member or company can
do huge amounts of damage and companies of all sizes are at risk.
These are just some of the basic approaches you should
consider to protect everyone. You want to be thinking about them now rather
than when it is too late.
Sysadmin blog