As technology changes so does the necessary security procedures that go along with it. New stronger secure passwords may be overwhelming for many who quickly loose track or have difficulty remembering them. This leads to people writing those passwords down or when able to they keep using less secure passwords and keeping the same password for several accounts. Requiring stronger passwords will ensure that employees are using passwords of proper strength. Having passwords expire every 90 days will also prevent employees from using the same passwords. Getting employees to stop writing their passwords down can be more difficult. Try having them create a password that is personal to them that they can easily remember, but not something simple as a child or a pet's name.
Social networking sites that are used by employees at work can also put the company's network security at risk. The simplest way to put a stop to this is to restrict the site. Employees are smart and will often find several different ways to access these social networking sites so ensure you have blocked all of them. Make sure employees are aware of the risks they are exposing the company to when they use unauthorized sites. By having employees follow these security procedures they can help create safer networks and end their bad security habits.
http://solutions.webtitan.com/blog/bid/149486/Poor-email-security-habits-expose-confidential-corporate-data-with-the-click-of-a-mouse-how-to-prevent-this?goback=.gde_38412_member_253541085
Friday, June 28, 2013
Thursday, June 20, 2013
Amazon Cloud
Amazon has recently secured a contract with the CIA for cloud computing. They beat IBM, who had previously dominated the federal contract sector. What is interesting is what Amazon offered to do for the CIA. In house cloud computing. This may be a frontier for what large corporations will want. Typically companies that wanted cloud services were only able to receive a copy of the existing public cloud. Then it was to be modified to meet the company's needs.
What does in house cloud computing provide that traditional cloud does not? Greater security because it will not go over public internet like the majority of cloud services do. This is very important to companies that are taking every precaution that their information is not stolen. Up until recently Amazon was against this new type of in house cloud services, but I suppose a $600 million contract and the chance to pave the way for new in house cloud service was enough to convince the company. This will most likely change the way large companies want and need their information stored, especially in regulated industries such as healthcare organizations who are required to provide more secure storage of their data.
http://www.wired.com/wiredenterprise/2013/06/amazon-cia/
What does in house cloud computing provide that traditional cloud does not? Greater security because it will not go over public internet like the majority of cloud services do. This is very important to companies that are taking every precaution that their information is not stolen. Up until recently Amazon was against this new type of in house cloud services, but I suppose a $600 million contract and the chance to pave the way for new in house cloud service was enough to convince the company. This will most likely change the way large companies want and need their information stored, especially in regulated industries such as healthcare organizations who are required to provide more secure storage of their data.
http://www.wired.com/wiredenterprise/2013/06/amazon-cia/
Friday, June 14, 2013
Bring your own device
I've been reading about many employees that bring their own electronic devices to work. A recent article states that more than 90% of employees store work information on them. With this becoming so prevalent it is important for companies to keep and enforce policies on protecting company information. Over 50% of employees want to be able to access their work information from anywhere.
Studies have been conducted that explain the risks and benefits of BYOD. Benefits include increased productivity, greater employee satisfaction, greater mobility. The risks are malware, the user not securing their device and inadvertently allow unauthorized access to information, and data loss. It is highly recommended that employers mandate that there is encryption on employees devices. The companies should also understand that many employees do not understand what the risks are when they inappropriately access work information from their own device. Before even allowing BYOD, companies need to create specific policies and outline not only why it is necessary but what can happen if the policy is not followed. All employees should be able to understand what is required of them, this could be done through quiz's. If an employee does not understand a 1:1 instruction should be provided and if this is not effective the employee would be banned from BYOD.
The only way to make sure employees follow the security policies is to make them accountable.
http://www.computerweekly.com/news/2240185093/Workers-use-personal-devices-to-store-business-documents?utm_source=feedly
http://www.viaresource.com/media/20307/byod--risks_-trends-and-skills-in-byod-security.png
Studies have been conducted that explain the risks and benefits of BYOD. Benefits include increased productivity, greater employee satisfaction, greater mobility. The risks are malware, the user not securing their device and inadvertently allow unauthorized access to information, and data loss. It is highly recommended that employers mandate that there is encryption on employees devices. The companies should also understand that many employees do not understand what the risks are when they inappropriately access work information from their own device. Before even allowing BYOD, companies need to create specific policies and outline not only why it is necessary but what can happen if the policy is not followed. All employees should be able to understand what is required of them, this could be done through quiz's. If an employee does not understand a 1:1 instruction should be provided and if this is not effective the employee would be banned from BYOD.
The only way to make sure employees follow the security policies is to make them accountable.
http://www.computerweekly.com/news/2240185093/Workers-use-personal-devices-to-store-business-documents?utm_source=feedly
http://www.viaresource.com/media/20307/byod--risks_-trends-and-skills-in-byod-security.png
Wednesday, June 5, 2013
Introduction
Hello to everyone who reads my blog!
I'm Stacey and this is my first blog so bear with me. This blog was created in relation to one of my courses while working on my Masters in Cybersecurity. I completed my BS in International Security and Intelligence in August of 2012. During that program I realized the impact that Cybersecurity has on protecting our nation. I am looking forward to learning more about Cybersecurity and the management of information security.
I'm Stacey and this is my first blog so bear with me. This blog was created in relation to one of my courses while working on my Masters in Cybersecurity. I completed my BS in International Security and Intelligence in August of 2012. During that program I realized the impact that Cybersecurity has on protecting our nation. I am looking forward to learning more about Cybersecurity and the management of information security.
Subscribe to:
Posts (Atom)