Lessons from Star Wars: when evaluating IT security, beware of Lando Calrissian
For many businesses, the threat of a cyber attack or breach looms as large as a space station the size of a small moon suddenly pulling into orbit. Each morning, the day’s headlines reinforce a sense of inevitability – it’s no longer if you’ll be attacked, but when. But when you’re dealing with a perceived external threat, it’s important to keep your guard up around your employees as well – lest you find yourself encased in carbonite.
Han Solo made a mistake trusting Lando and paid the price. Like Han, businesses sometimes trust the wrong people as well. Bad hires, disenfranchised employees or the security illiterate can quickly turn from trusted worker to major liability. In fact, in a recent survey by Intermedia, 93% of respondents admitted to engaging in at least one form of risky data security practice. With that in mind, here are some tips to help you avoid Han’s fate.
Jedi Academy create you will
Too often, security training is viewed as a one-time endeavor. An employee joins the company, is given an introductory seminar and then rarely hears about security again. If you don’t update policies and offer refresher training, both the policies and the training gradually become irrelevant. The key is to make security continually new for everyone. It’s not a Jedi mind-trick; there’s always more to learn and master. Keep changing and updating the guidelines, but keep it interesting – don’t just change the policy, change the experience. Send fake “phishing” emails to employees and see who falls victim, or make it a competition to see which employee or team can spot the most. Remind people that you’re watching and that security risks are real. Make sure they know WHY it’s important.
Use passwords even a droid couldn’t crack
Reusing passwords for multiple business applications is one of the most widespread problems businesses face. Making matters worse, the passwords are often weak, making them easier to crack. Or, if they’re strong, employees need to write them down in order to remember them, and that opens up the risk of the written copy being left somewhere for others to see or steal. The solution? Use the Force (or at least a Single Sign-On solution) to take application-specific passwords out of the hands of your employees.
It’s a trap!
Even the most well-trained employees can still fall victim to a well-executed phishing attack. According to a recent Intel® Security study, 96% of executives couldn’t tell the difference between real emails and phishing emails 100% of the time. Protect your employees with an advanced email protection suite that includes real-time URL checking to help fend off sophisticated phishing attacks. Think of it like a shield generator around your Inbox.
Beware of the dark side
Despite our best efforts, sometimes employees are lost to the Dark Side. For these cases, it’s imperative that a security and compliance team has been established within your company. This team should monitor two key areas: 1) who has access to which IT services and 2) how information is being accessed and shared. Think of them as your Jedi Council.
Similarly, having a detailed employee off-boarding process in place is a key step to help ensure that ex-employees don’t turn into external threats. Intermedia has found that 1 in 10 employees have accessed information from a previous employer at a new job. As part of your off-boarding process, it is critical to terminate the departing employee’s account on every service.
A communications disruption could mean only one thing…
Remember: even with all the preparation, an invasion by malicious code or a rogue employee might still get through, so it’s best to have the necessary defenses in place to get your systems back up and running in as little time as possible. Online backups are crucial, but having a File Sync and Share solution that’s linked to a datacenter with a 99.999% uptime guarantee means collaboration can continue. Employees can still access their files from virtually any other machine while the main device is out of commission.
By Alex Smith, Director IAM Products, Intermedia
Intel is a registered trademark of Intel Corporation in the United States and/or other countries.
This was posted in Bdaily's Members' News section by Alex Smith.