• 20 Percent of Employees Would Sell Their Passwords
    From “20 Percent of Employees Would Sell Their Passwords”
    BetaNews (03/21/16) Barker, Ian

    Research from identity management company SailPoint found that one in five employees would be willing to sell their work passwords to another organization, up from one in seven last year. Of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100. SailPoint also found that two in five employees still have corporate account access after they leave their job, 26 percent uploaded sensitive information to cloud apps with the intent to share data outside the company, and 32 percent share their passwords with their co-workers. The data comes from a survey of 1,000 office workers at large organizations (with at least 1,000 employees) across the U.S., UK, Germany, France, the Netherlands, and Australia. The Market Pulse Survey proves there is a disconnect between employees’ growing concern over the security of their personal information and their negligence over data security practices in the workplace.


  • Cyber Impact: Why Physical and IT Security Are Converging
    From “Cyber Impact: Why Physical and IT Security Are Converging”
    Security Today (03/01/16) Joseph, Stephen

    The shift of banking practices from physical branches to online has forced financial institutions to revamp their security measures for the cyber realm. IT and physical security are increasingly converging, with new network-based technologies allowing the two departments to share common tools and work in tandem. Corporate security directors faced with limited security staff are using smart technology for traditional security support as well as for handling decision making. An example is network routers that can be programmed to detect and route specific network traffic, such as financial transactions, e-mail or surveillance video, according to preset conditions and priorities. In mitigating potential threats, it is also important for IT and physical security to work side-by-side, such as in deploying a physical security system technology on a bank’s network. Another way the two fields are converging is the IP video camera, a popular physical security device today being deployed across banking networks. As with any network device, the security camera should meet certain basic IT security standards and banking institutions should follow standard protection recommendations. New technology always comes with the potential of new threats, but through efforts by both parties to seamlessly merge cyber and physical security programs, an institution can become more capable and successful in mitigating potential risks.

  • Data Security Threats Could Be Lurking Inside Your Organization
    From “Data Security Threats Could Be Lurking Inside Your Organization”
    In Homeland Security (03/02/2016) Tarbet, Michael

    Most organizations tend to focus security efforts on data breaches that come from the outside. But 43 percent of breaches actually come from within the company itself, some as a result of simple human error and some by more nefarious means. These breaches carry consequences similar to those that come from outside breaches, and often have larger repercussions. As bring-your-own-device policies become more popular, the threat of interior breaches grows. One way to combat this risk is to implement policy-based data access governance. Identity-based access management can work well, but policy-based governance can control what data leaves the organization and precisely defines who or what applications can use the data. It also enables companies to define the types of data an employee can access based on administrative roles. This principle works for current employees, but ex-employees pose a threat as well. The most efficient way to stymie that risk is to revoke all access to data by ex-employees as quickly as possible, especially if their termination was messy.


  • Security Can’t Be Left Behind at a Rapidly Growing Company
    From “Security Can’t Be Left Behind at a Rapidly Growing Company”
    CSO Online (12/16/15) Pratt, Mary K.

    CIOs at rapidly growing companies have to maintain speed and progress without sacrificing security — a difficult feat. Software development company Informatica is growing quickly, and finding that balance can be difficult. However, senior vice president and CIO Ginna Raahauge has a method for her own success: “Celebrate that the business needs to move at the pace of growth and create a safe environment of disclosure or amnesty approach,” she says. “It’s better for them to help you find them than try to hide something.” CIOs across the spectrum say they’re facing a rapid pace of change in their IT departments, and security has to be a priority or else all the speed and tech-driven competitive advantages can go to waste. Raahauge also says that a shift in thinking is necessary: “Neither security nor IT should ever slow down the pace of delivery; a better objective is to move with speed by changing the mindset of having security at the forefront of the design or business requirement vs. an afterthought or necessary evil.” Other companies are hiring additional security staff, working with outside security experts, and spending more money on security demands.


  • How to Increase Security Through Building Design
    From “How to Increase Security Through Building Design”
    CSO Online (01/06/16) Ludwig, Sarah E.

    Crime Prevention Through Environmental Design (CPTED) is a method used in security planning that focuses on design, placement, and the way the building is used as a means to increase security in an aesthetically pleasing manner. “CPTED tends to provide a purposeful sense of orderliness in developing a security program,” says William Nesbitt, president of SMSI. “It’s geared at trying to not only have an effective security program, but to have that program be perceived as being effective. It has to do with both the appearance and the perception.” Three fairly standard principles of CPTED are Natural Surveillance, Natural Access Control, and Territorial Reinforcement. One of the foundations of Natural Surveillance is lighting. “Doing a lighting study is one of the most important pieces of the Natural Surveillance principle,” says Toby Heath, electromechanical specialist at ASSA ABLOY. “That involves measuring the light output every 10 feet throughout parking lots and the perimeter of a building.” With natural access control, “it’s really important to minimize the points of entry to a building to one, for visitors as well as employees,” says Heath. All doors and entrances should be inspected to make sure they close completely and by themselves. Territorial reinforcement is the basic idea of where a property begins. “There is no defining property line, so to speak, so if you give cues as to where the property is and what’s under your control and maybe some signage, it helps you establish the foundational basis that you have control over this piece of land from this point inward and it’s not common area,” says Nesbitt. He also notes that CPTED should be used in tandem with more traditional methods and human behavior.
