What happens when you forget to lock the doors before going out of town for the weekend? The lock itself is not going to protect your house unless you use it. The same applies in the cyber world.
At times people tend to be lax about their security, thinking their laptop doesn't have anything that a hacker might want; but when that same laptop, with compromising backdoors and infections, enters a corporate network and establishes connections with several other users and servers there, it becomes a bridge, a catalyst to bigger catastrophes.
Individual users and network administrators must never forget that their best hardware and software protection can be thwarted by a single user who is lazy about his system's security. They must always be mindful of the following to fight the challenge of data leaks due to ignorance.
If you have a number of users to handle and your budget allows, always go for a good hardware firewall which allows centralised network security. It reduces the dependence on the reliability of the security-related skills and awareness of individual users.
They may still have software firewalls installed on their computers, but if they are not keeping them updated, or gave an uninformed or misjudged response when their firewall asked them to permit an activity, they may compromise the network. A centralised hardware firewall maintained by an expert in that case provides better protection to the network.
Policy-Based Email Encryption
Taking away from users the responsibility of judging which emails should be encrypted, administrators should, whenever possible, enforce policy-based encryption, which automatically encrypts every email correspondence whenever it is required.
This is always the first stop. Each and every user should take upon themselves the responsibility of protecting their passwords. Simple measures include keeping passwords hard to guess. If your current password is a variant of your mother's maiden name, well, it falls into the category of the easiest-to-guess passwords. Audit your passwords using utilities like howsecureismypassword.net.
Also, if you are in the habit of using a single password for a number of services, make sure you don't have any orphan or unused profiles or accounts on sites which are just waiting to be hacked by someone. Delete all such information about yourself from the net.
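As an added example (not from the original post), the check below shows why a "variant" of a personal word offers no protection: it undoes the usual disguises (leetspeak, capitalisation, digits or symbols tacked on either end, reversal) before comparing the password against words an attacker could learn about you, plus a few stock passwords. The word lists and sample passwords are constructed for illustration.

```python
import re
from typing import Iterable, Optional

# Substitutions that cracking rule sets undo first (assumed typical set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# Digits/punctuation at either end, e.g. "Smith1984!" -> "Smith".
EDGE = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def normalize(password: str) -> str:
    """Strip edge digits/symbols, lowercase, then undo leetspeak."""
    return EDGE.sub("", password).lower().translate(LEET)


def matching_word(password: str, known_words: Iterable[str]) -> Optional[str]:
    """Return the known word this password is a trivial variant of, else None."""
    core = normalize(password)
    if len(core) < 3:
        return None
    for word in known_words:
        w = word.lower()
        if len(w) < 3:
            continue
        # word embedded in the password, password is a prefix of it, or reversed
        if w in core or w.startswith(core) or core == w[::-1]:
            return word
    return None


def audit(password: str, known_words: Iterable[str], min_len: int = 12) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if len(password) < min_len:
        findings.append(f"shorter than {min_len} characters")
    word = matching_word(password, known_words)
    if word:
        findings.append(f"variant of known word '{word}'")
    return findings


if __name__ == "__main__":
    # Constructed: a mother's maiden name, a pet, and two stock passwords.
    words = ["Smith", "Rover", "password", "welcome"]
    for pw in ["Sm1th1984!", "P@ssw0rd", "htimS", "correct-horse-battery-staple"]:
        print(f"{pw!r}: {audit(pw, words) or 'no findings'}")
```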
Make sure your corporate Wi-Fi network's range is confined within the office premises. Use directional antennas to keep it from being accessible to a piggybacker. Also ask the users to keep their residential Wi-Fi on WPA2 encryption; you can't expect individual users to know how to, or care to, use directional antennas, but WEP encryption is an absolute invitation to trespassers.
If possible, schedule periodic security audits of users' mobiles and devices, and offer them as a help. Individual users themselves should realise that devices are becoming more and more powerful and are used for the most security-critical tasks, like bank transactions. If a mobile phone or a device has, for instance, a malicious key logger, not only will it cause great strife to the user but it will also create all sorts of precarious situations for the network it accesses.
In a multi-user environment, to eliminate the threat of losing critical data due to one user's ignorance regarding security issues, apart from the measures discussed above, it is always a good idea to keep giving yourself and the users general security awareness reminders: not using borrowed external drives in the office, not opening grey sites, not exchanging official hardware without clearing it of all critical information, not lending your system to anyone, keeping a separate system for personal use if possible, and so on.