It seems as if every couple of weeks, there’s another incident of data theft or some major IT security event. First it was consumer information stolen from large retailers. Then it was compromised social media sites. Next we had bugs that were called digital pandemics and celebrity pictures stolen from Apple’s iCloud. If all of these examples don’t make you question the security of your company’s information, I don’t know what will.
Featured Download: Social media access at work. Do your employees know the rules?
We’re living in a world with rapid changes in technology. While these advances come with amazing benefits and have forever changed the way we do business, they have brought new security issues. Organizations are rushing to get onboard with the latest and greatest, but implementation takes time and resources that many IT departments can’t handle automatically.
Consider your own IT department. How often do you contact them with computer crashes, software issues or other technical problems? When IT professionals spend so much time on day-to-day tasks, there is less time to focus on bigger, more dangerous issues, like network security.
When you combine this with the rapid introduction of new technology, you begin to get a glimpse of the dangers facing network security. Many initiatives are being implemented without proper security oversight or controls, and IT departments are left scrambling to stay on top of everything.
Along the same lines, many network security policies are being adopted over too wide a range of devices and services.The way you’d treat cloud-based smartphone applications is very different from how you’d treat desktops connected to your dedicated server. It’s important that IT security policies are updated to fit newly adopted systems and services.
Emerging trends like cloud computing, BYOD and new mobile technologies also present unique challenges. While these are all incredibly helpful tools, without proper controls they could potentially expose a business to a vast number of threats. For example, allowing employees to use their own devices is great for morale and productivity, but when they use them for personal use and aren’t careful with their habits, it opens the door for intrusions.
Cloud computing also presents another challenge. As mentioned earlier, the cloud isn’t perfectly safe. It offers many great benefits, like increased collaborative abilities and even transferring some of the burden IT professionals deal with to cloud providers. It’s important that as organizations begin to implement cloud computing into their business, they are aware of the additional security requirements and have researched vendors with proven track records.
Finally, we have mobile technology and the growing market of wearable technology to deal with. While these devices are designed for simplicity, they bring with them a number of serious concerns. A device that is easier to operate is often easier for an attacker to access. In addition, many wearable devices don’t encrypt data in an effort to improve performance. Easy access to unencrypted data presents serious concerns. Even if important company information isn’t stored on these devices, that doesn’t mean your network is invulnerable. Many of these devices require access to Wi-Fi or Bluetooth in order to function. Should they be compromised, they could easily spread malware or viruses into your network.
Unfortunately, there’s no fix-it-all solution to these issues and the threats are only getting worse. However, that doesn’t mean you’re helpless. There are a number of things you can do to protect your network. First, don’t let the adoption of new technology rush past proper IT oversight and controls. Also, with BYOD, security becomes more than just an IT responsibility. All employees need to be trained and educated on the right practices to keep company information safe. Help them understand that regular browsing and downloading habits at home could seriously compromise company information stored on their devices. Create guidelines so employees know what they should and shouldn’t do. Lastly, don’t stretch yourself too thin. Some budgets don’t allow for massive IT departments, and that’s fine. Pace yourself and find the right services that fit with your business’s specific needs.
By Rick Delgado | @ricknotdelgado
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.