The New York Times reported recently on a Computer Security Institute survey of 443 companies and government agencies. They found that 64 percent reported malware infections and the “financial loss from security breaches was $234,000 on average for each organization.” Here are ten ways to improve network security based on the New York Times article.
1. Employee Awareness and Training
Providing employees with regular reminders and updates about guarding against possible breaches is an important part of an overall security strategy. It might help to incorporate a segment on the threat of network breaches and steps to avoid malware infection in regular employee training sessions or departmental meetings. An occasional email reminder highlighting security threats and tips may help employees avoid increasing network risk by careless actions.
2. Guard Your Drives Because Free Gifts Can be Costly
According to NYT, “one scam involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo.” Once inserted into computer, it “collects passwords and other confidential information on a user’s computer and sends it to the attackers.” Be cautious of any free drives or non-network approved drives inserted into employee computers.
3. Be Careful Responding to Emails
The recent Google attack used a classic email attack known as phishing. In this scam, employees receive an email that claims to represent the employees bank, social media site or other familiar website. The emails often look convincing and employees click through, arriving at a site that looks like their bank or other site, and they are asked to provide username, password and other pertinent information. NYT points out that an even more malicious form is known as spear-phishing. In this scenario, users receive an email attachment that appears to come from a specific friend or even colleague with the same company. So employees must be cautious reading and responding to emails even from trusted sources.
4. Watch for Weakness in Website or Network
Sometimes attacks exploit weaknesses on the company site or within the company network, looking for a gateway to introduce malware into the system.
5. Watch Your Cellphones
The next area of concern in coming years in the exploitation or hacking of smartphones. Be on guard against clicking links on text messages and on applications installed on company phones.
6. Monitor Abnormal Employee Activity
There are cases of employees exploiting the company from within. NYT reports that “a software engineer at Goldman Sachs was accused last year of stealing proprietary software used in high-speed trading, just before he left for another firm. The engineer, who pleaded not guilty, had uploaded the software to a server computer in Germany, prosecutors say.”
7. Keep an Eye on Software Vulnerabilities
Virtually every company now uses a variety of software applications from multiple vendors. Some of these applications work across company network and the Internet. Network administrators must keep a watch on software updates and software vulnerabilities as they are released.
8. Watch for Anomalies in Network Traffic
Keep a watch on any unusual network traffic especially if it comes from locations where vital information is being stored.
9. Disconnect
Some companies are choosing to place valuable company information in computers that are not connected to the network or the Internet. NYT reports that “some companies go further, building “Faraday cages” to house their most critical computers and data. These cages typically have a metal grid structure built into the walls, so no electromagnetic or cellphone transmissions can come in or out.”
10. Mature Software Industry
Self-regulation and developing industry standards seem to be a long-term answer according to some experts.
Integracon experts monitor security threats and help our clients develop strategic security initiatives. Please contact us to learn how we might support your company.
