IT Security: 4 Steps to Safeguard Information
In the wake of the Sony hacking incident, how can companies reduce the chance of their electronic and hard-copy records being compromised? Hackers can infiltrate your organization within the office or across the globe. Help your organization reduce the likelihood of an attack and its debilitating effects by taking both proven and emerging security steps.
Because computers have become more integral to the way we do business, hackers and malicious employees are familiar with most organizations’ IT security. Newer developments such as public and private cloud-based storage and security systems offer options to help organizations secure their data.
Security Is More Automated
Through the use of Software-Defined Security, more and more organizations rely on security approaches that require little to no hardware. This type of security uses software as one line of defense to check for correct permission usage and monitor network segmentation to detect unauthorized users hacking a system's network. In light of the recent suspected cloud-based hacks, this type of security has obvious advantages.
Separate Application Spheres
With so called “application isolation,” organizations can reduce the chance of multiple applications or user logins on a server being compromised, especially for web-based applications. If two or more applications share a common resource, such as RAM or a hard drive, the common resource could be used maliciously by a hacker, reducing the efficiency of all affected applications.
If one application offers greater security, it might house sensitive client information such as Social Security numbers, banking information, etc. Another application with less protection may store email information for new users who sign up for email marketing campaigns, for example. While web servers are particularly vulnerable due to their inherent exposure, non-Internet sources also can be impacted.
Cloud-based Security Moves Beyond Installed Anti-virus Programs
Security is moving beyond traditionally installed forms of antivirus software toward a full suite of cloud-based systems. By transferring antivirus duties to the cloud, more types of security can be added such as monitoring and isolating suspicious visitors, especially those from locations known for individuals or governments that back hackers. Some services even have the potential to determine an attackers' origin and provide protection from that location moving forward.
Reduce Internal Theft/Hacking Before and During Employment
Along with external hacking and data theft, many times an attack can come from an employee or even an unscrupulous contractor working on- or off-site. Conducting applicant background checks before the interview and having them agree to an Acceptable Use Policy upon hire are highly recommended precautions, as those with questionable IT backgrounds probably won't volunteer that information.
Keep in mind that organizations sometimes neglect to use basic safety measures such as using secure forms of communication when discussing passwords and usernames. Other tips include changing login information after employees leave the organization, and not giving vendors access keys to sensitive areas.
While there's no bulletproof system, security will continue to evolve and attempt to stay one step ahead of both internal and external hackers.
Sources
- http://www.techopedia.com/definition/29942/software-defined-security-sds
- http://searchsecurity.techtarget.com/tip/Web-application-isolation
- http://www.vormetric.com/data-security-solutions/cloud-data-security
- http://www.computerworld.com/article/2571331/security0/how-to-defend-against-internal-security-threats.html
- http://www.globaldots.com/cloud-computing-types-of-cloud/