What are the latest top 2 invincible security challenges that Recruitment Companies face today and can your IT Support company help you?
NETWORKS AND SECURITY RISKS
- Internal Security
- Social Engineering, Spamming, Viruses, etc.
1. Internal Security
Internally and externally, risk will always be there – but we can try to minimize it. An internal attack may be intentional or unintentional in nature. In terms of intentional or malicious activity, the capability to cause damage from inside a company is far bigger than from hackers accessing externally. The biggest threat, however, comes from employees accidentally doing something wrong, unintentionally, and being too scared to admit it.
USB sticks, USB hard disks, iPods, floppies, cameras, cell phones, etc. all connect to a PC and can pose a real threat to the company. Any employee can copy official data to an external device, e.g. a floppy, USB, etc., or can email it to himself via the Internet. This is really a big loss to the company and, consequently, to every individual. If the company loses data, it loses applicants, loses commissions, and eventually the company is lost and jobs are lost. This will affect every individual. When did your IT Support Company last do an audit for you?
Organizations expect that anyone stealing information by copying it from a computer will do so using floppy disks, CD-Rs, DVD-Rs, or by sending out e-mail attachments, and they do take precautions to detect or prevent this from happening. Most companies use digital cameras as a part of their working day activity. But what can they do about employees who use a camera or MP3 music player to steal sensitive data while appearing to use their computer to download photos or music?
In the past, organizations used to do physical checks to avoid data being copied onto floppies or CDs, but today miniature devices are available (the size of a key chain) which can easily be carried away without detection and which are more harmful since they can carry much larger amounts of data than a CD or floppy. With an iPod, the latest craze for music lovers, the person carrying it might look like he is enjoying music, but he can carry 60GB of data, which would be the equivalent of storing every business document in a medium-size firm. A compact flash card is a tiny device which is used in digital cameras, personal digital assistants, notebook computers, and MP3 music players. These devices can store up to 8GB of data. Similarly, key chain drives or USBs or Flash drives (whatever we call them) are capable of storing from 128KB up to 16GB of data. These devices are just plugged in to the USB port of the computer and BINGO! you can copy the data. In the same way, with the help of Bluetooth, we can transfer the data to our high-end mobiles or PDAs, or any electronic device which has the capacity to save data. Has your computer support company helped you to put any procedures, hardware or software in place to combat this?
Research shows HR and payroll information to be the most popular target here. The biggest worry is technical personnel, as they have access to all the Unix, Linux and Windows servers and could potentially disrupt or delete the firm’s whole operating system.
2. Social Engineering, Spamming, Viruses, etc.
What is social engineering? The term has been popularized in recent years by well known (reformed) computer criminal and security consultant Kevin Mitnick. He points out that it’s much easier to trick someone into giving you his or her password for a system than to spend the effort hacking into it! Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. Whilst similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access, and in most (but not all) cases the attacker never comes face-to-face with the victim. To give you an idea, social engineering is like someone talking to their prey on the phone and trying to gather important information, cleverly using flaws in human logic. The main methods include pretexting, phishing and Trojan Horses. Your IT support company should always advise you on this.
i) pretexting – There are times when we might receive an email that appears to come from someone we know, but in reality it is coming from another source. For example, an email appearing to be from your System Administrator may ask you to change your password to the password he has sent you or the account will be terminated. Another may ask you to send your password, or some other important document, which is sensitive information.
ii) phishing – One more practice is where you will receive mail from the bank claiming to be from the credit card department asking you to log on via a web page link you are given in the email and to enter your credit card number, account number, pin number or password, etc. This is “phishing” (with a PH) where a phisher tries to extract your credit card and account details from you, e.g. Citybank example.
iii) Trojan Horses – Using remote administration software a hacker can hack into their prey’s system without giving any password and can control their full system, install software, delete files, restart the system, eject the CD-ROM, switch webcam if present, etc. We should take precautions while installing any software. In the office, let the System Administrator install it for you. Do not install any software without their knowledge as it may be infected. Let your computer support people test the software first.
iv) Viruses and Worms – Normally we have a tendency to share some folders for the purpose of sharing data and this can also create a big vulnerability. Viruses and worms are always in search of shared folders, or those unprotected by a password on the network. For example, if a system is infected with a virus, first it will copy itself to some safe directory and get registered in the Windows registry, so that whenever the PC is restarted it will be activated first. Secondly, it always searches for shared folders on the network. If found, it will copy itself to these shared folders and this is how it spreads to infect the whole network.
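The worm behaviour described above depends on two things that can be checked on each Windows PC: a start-up entry in the registry and shared folders that other machines can reach. The following PowerShell audit is an added example, not part of the original article; the list of "broad" groups in it is an assumption to adjust for your own network.

```powershell
# Added example (not from the original article). Run in an elevated
# PowerShell session on Windows 8 / Server 2012 or later.

# 1. Programs registered to start at boot or logon via the standard Run keys.
#    HKCU covers only the user running the script.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
    }
}

# 2. Non-administrative shares that grant access to broad groups.
#    The group list is an assumption; extend it with your own wide groups.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
         'NT AUTHORITY\ANONYMOUS LOGON'
$openShares = foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -in $broad } |
        ForEach-Object {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $_.AccountName
                Right   = $_.AccessRight
            }
        }
}

# Review every autorun entry against the software the administrator installed;
# the shares listed are the ones to remove or restrict first.
$autoruns   | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
$openShares | Sort-Object Share     | Format-Table -AutoSize
```

An autorun entry nobody can account for, or a share that gives Everyone Change or Full rights, is what to raise with your System Administrator.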
Please do not share folders; instead, upload the information discreetly to the internet using an ftp server with proper authentication every time.
RECOMMENDATIONS
Use virus protection software
Use a personal firewall
Regular IT auditing of systems can help firms to track activity by System Administrators.
Don’t open unknown email attachments
Remove unnecessary shared folders
Don’t run programs of unknown origin
Users should select strong passwords (alpha numeric)
Keep all applications, including your operating system, patched.
Turn off your computer or disconnect from the network when not in use.
Disable scripting features in email programs
Make regular backups of critical data
Make a boot disk in case your computer is damaged or compromised
Educate employees about computer security for the benefit of the whole company
Consult IFFW Group Ltd for a security review or call Francis West on 01923 654 900 for more info/advice. Written by Francis West from IFFW Group – IT Support London