Smarter Security Steps Part 3: Safe and Secure Technology

Thursday, September 29, 2011

Brian McGinley


By Brian McGinley, Identity Theft 911

We have moved from being a computer-assisted society to one that is computer-dependent. Controlling that dependence is critical to maintaining a secure operation.

Admittedly, that requires assistance from technical experts. But good control begins with a company’s employees, an area you can’t afford to ignore, and which I covered in an earlier post.

Once you’ve put in place the properly trained people and policies by following Steps 1 to 14, you can turn your attention to these tech-focused measures:  

15. PC and Laptop Security

If your computers are secure, your data is secure. A no-brainer, right? Yet countless companies don’t have in place the most basic computer and laptop security measures.

These include, but are not limited to:

  • Lock PCs when they’re idle, through screen savers or antivirus utilities
  • Enable firewalls with strict permissions
  • Block user downloads and installations
  • Limit social networking and file-sharing
  • Install phishing filters and remote laptop security cleaners

16. Mobile Devices, Smartphones and Media

Laptops used to be the Holy Grail for data thieves and corporate spies. Now the quarries are smaller, lighter, and easier to pocket: smartphones, flash drives, and external hard drives. These types of devices and media need the same level of protection as any company laptop or mobile workstation.  

17. Email Security

Spear phishing, which targets data networks through email channels, has opened backdoors for some of the largest hacker attacks this year. It’s imperative to have protections in place such as:  

  • Encryption via TLS or Secure File Transfer Protocol (SFTP)
  • A ban on free email accounts at work such as Gmail and Hotmail
  • A ban on linked attachments, from services like YouSendIt and Dropbox
  • Scanner technology for all attachments that move through your mail servers

18. Use Antivirus and Antimalware Software

This step should need no explanation. Just do it.

19. Social Networking

If your company does not use social networking as a business tool, consider banning it from the workplace.

The move is extreme, perhaps, but it could be worth the time saved—both in employee productivity and security resources. Social apps can introduce viruses behind a firewall, and they’ve become the new playground for hackers and con artists.  

20. Network Security

Your IT network represents the “Keys to the Kingdom” and its security is critical to your ongoing operations. It needs to be appropriately resourced, set up, serviced, and protected by competent technical subject matter experts.

This is an asset that needs your continued attention with appropriate care and feeding, as they say. The network is holy. It should be treated–and protected–as such.  

21. Third-Party Service Providers

As we learned in Step 9, you’re only as strong as the weakest link. It is imperative to be as rigorous with a third-party service provider’s data protection practices as your own. To assume the liability is off your business because a vendor has been hired is simply deadly.

Without equivalency protection across all your partnerships, these steps are all for naught.    

Brian McGinley, Senior Vice President of Data Risk Management, Identity Theft 911

With more than 30 years of experience in risk management, security, loss management and compliance within financial institutions, Brian has held senior positions at Wachovia Corp. and Citigroup. He served as board chairman of the Financial Services Roundtable/BITS Identity Theft Assistance Center.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.