The emergence of smartphones, social networking, the Cloud, mobile users and the ever-increasing use of the Internet means that security is on the concerned minds of businesses everywhere.
Cybercrime is on the rise and risks include data theft and service disruption as well as identity fraud and significant financial loss.
Our security team are experts in a wide range of multi-layered security solutions for protecting business – installing and configuring secure firewalls, networking and wireless networking solutions, hardened operating systems, intrusion detection and prevention capabilities, Internet filtering and monitoring, disaster recovery and business continuity solutions.
Below are some easy ways you can avoid some of the most common security mistakes our highly trained security engineers find when conducting audits:
10 ways to improve your security
- Never give out your username and password through email, over the phone, or in person, or leave Post-it notes containing password information on your desk.
- Ensure your internet browser is updated with the latest version and choose the option NOT to save any credentials.
- Never post your date of birth or sensitive company information on social media sites. It is also a good idea to use a separate, personal email address for these mediums, rather than your work address.
- Secure your servers with a locked server room. It only takes a minute for someone to steal your server and leave you with a disaster on your hands!
- Lock your computer when you walk away from your desk.
- Encrypt your data! It is increasingly common for people to work on the go from laptops or iPhones and Android devices – what happens if these devices are lost or stolen?
- Never click on links in emails if you don’t know who they are from. One link can take down your machine and compromise the entire network. It could be concealed in something as common as a spreadsheet to bypass attachment controls.
- Password protect your mobile device and change this password every 60 days.
- Make sure you have an antivirus product protecting your systems, and ensure it is current, not out of date!
- Get a Security Assessment performed by a trained professional every 6 - 12 months to properly assess your network security and overall security standpoint.
And the 5 you probably didn’t think of…
Rogue wireless access points
Rogue wireless access points can either be set up by a malicious hacker or created by a user who is not aware of the ramifications of their actions.
You may have a user with a laptop who connects into the corporate network with a standard Ethernet cable. They try to visit a website that is blocked by your company’s internet filtering policies, so they use Wi-Fi and find a free access point called “Wi-Fi free” and connect in. They can now access the website; however, they have breached your company’s security controls. Not only could their traffic be sniffed by the access point (for passwords and credit card details) but they have inadvertently provided a malicious hacker access to your network.
There are also trojans which will turn on a wireless access point on a laptop enabling hackers to use it to breach networks. Another common method hackers use is to deploy an access point with the same name as the company access point. This way a user may inadvertently connect to the hacker’s point instead of the corporate network.
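One way a defender can spot the same-name access point described above, shown as an added example that is not part of the original page: compare wireless scan results against an inventory of authorised radios. The SSID, BSSIDs and scan rows are constructed sample data, and the comma-separated scan format is an assumption.

```python
# Added example: flag access points that advertise the corporate SSID
# but do not match the inventory of authorised radios.
# Every SSID, BSSID and scan row below is constructed sample data.

CORPORATE_SSID = "CorpNet"  # assumed corporate network name

# Assumed inventory: authorised BSSID -> security mode it should advertise.
AUTHORISED = {
    "00:11:22:33:44:01": "WPA2-Enterprise",
    "00:11:22:33:44:02": "WPA2-Enterprise",
}

# Constructed scan output, one AP per line: ssid,bssid,security,signal_dbm
SCAN = """\
CorpNet,00:11:22:33:44:01,WPA2-Enterprise,-48
CorpNet,66:77:88:99:AA:BB,Open,-40
CorpNet,00:11:22:33:44:02,WPA2-Personal,-35
Wi-Fi free,DE:AD:BE:EF:00:01,Open,-52
"""


def parse_scan(text):
    """Parse scan lines into dicts; rsplit keeps commas inside an SSID intact."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, bssid, security, signal = line.rsplit(",", 3)
        rows.append({"ssid": ssid, "bssid": bssid.strip().upper(),
                     "security": security.strip(), "signal": int(signal)})
    return rows


def find_suspect_aps(rows):
    """Return (bssid, reason) for each AP imitating the corporate SSID."""
    findings = []
    wanted = CORPORATE_SSID.strip().casefold()
    for ap in rows:
        if ap["ssid"].strip().casefold() != wanted:
            continue  # different network name, out of scope for this check
        expected = AUTHORISED.get(ap["bssid"])
        if expected is None:
            findings.append((ap["bssid"], "unknown BSSID"))
        elif ap["security"] != expected:
            # A known BSSID with the wrong security mode suggests a cloned radio.
            findings.append((ap["bssid"], "security mismatch"))
    return findings
```
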
USB – the biggest offender so far
Every day we see more and more virus infections as a result of USB keys.
Malicious hackers will purchase hundreds of USB keys, install viruses on them and ‘accidentally’ lose them. Users find them, plug them in and they instantly turn machines into a bot, or just cause havoc through worms. If in doubt – don’t plug it in!
Bluetooth
Bluetooth is a major source of security weakness for organisations. Even with the emergence of WAP, 3G and wireless, the number of people who still use Bluetooth and leave it on all day is amazing.
It is extremely easy for a hacker to perform ‘Bluesnarfing’ and take control of your device, gaining access to everything from your videos, through to contacts and even making phone calls. And, if your phone is also linked to the company network over wireless, a malicious hacker has just bypassed all of your enterprise security controls. ‘Bluejacking’ is another common term that involves sending unsolicited messages or data to your Bluetooth devices.
If you need to use Bluetooth, you can lower the risk of Bluesnarfing or Bluejacking by ensuring you set a PIN and change it frequently. For new Bluetooth connections, periodically review your partner list and remove anything you do not know. Block all unauthorised connections to your device and turn off visibility for Bluetooth. Or, if not in use, just turn Bluetooth off!
Standardise mobile devices
As part of your company’s mobile security policy, look to standardise on mobile devices. Not only does this make purchasing easier, but from a system admin, support and security point of view it reduces costs dramatically. The more diverse the devices, the more money, time and effort it will take to secure them.
Acquisitions or partner companies
If a hacker can’t penetrate through your company, they may try to gain access through your partner company’s networks and infrastructure. Organisations need to ensure that their partners or affiliated businesses are also secure, especially if there is a trust between the networks or a VPN connection.