• How to Bolster Data, Physical Security to Make Threats Go Elsewhere
    eWeek (12/07/15) Rash, Wayne

    Having adequate security requires organizations to think about the risks they are most likely to face and the resources they expect to have on hand. In addition to foreign hackers, risks could include someone sitting in the reception area who has connected via an Ethernet port and launches a man-in-the-middle attack on the Wi-Fi router. Organizations need to examine who would benefit if they underwent a disruption, such as a stolen server or a former employee connected to the network to download trade secrets. Organizations also need to conduct what security experts call “security in depth” or “defense in depth.” One expert recommends housing a server in a room with a solid door and a lock that requires a passcode to enter. An alarm should sound if the door is opened without the passcode or if someone enters the wrong code more than twice. Side doors or doors to the loading dock should be similarly equipped with secure locks and have alarms that go off if someone forces open the door, enters the wrong code, or if the door is propped open longer than a fixed time. The alarms should connect with the organization’s security control center, but if nothing happens, then they should automatically roll over to the police department. The receptionist should be an armed security guard who controls the locks in doors that lead further into the building, and unless someone shows the right ID or gets past the badge reader, they cannot enter.

  • Post-Paris, a Fundamental Rethink of Corporate Security Is In Order
    Forbes (11/30/15) Udell, Bill

    The recent attacks in Paris should push business leaders to incorporate security concerns into everyday operations, writes Bill Udell, a former CIA operations officer and the Los Angeles-based Senior Managing Director for crisis and security consulting at Control Risks. Because Islamic State is focused more on setting off numerous attacks than on specific, “quality” targets, any place where large groups gather could be at risk. The consequences of mismanagement are also harsher, Udell says, and so organizations must take care to protect their staff and assets. Corporations have reacted to the Paris attacks by placing “quick-fix” security support around their travelers and expatriates, and some are canceling corporate travel. In the longer term, corporations will probably focus more on threat and risk monitoring, including their profiles, geographical locations, and personnel exposures. They will also focus on risk management and governance, increase their care of business travelers, reexamine security at facilities that were once considered low-risk, and may allow security departments to become more involved in employee screening. Organizations also should test and refresh their crisis-management plans to account for new, potential terrorism scenarios.

  • How to Secure Corporate Data in Post-Perimeter World
    eSecurity Planet (11/12/15) Webber, Chris

    With employees increasingly moving to the cloud and taking corporate data with them, the traditional enterprise security perimeter is no longer enough. IT leaders should adopt a new approach to protecting critical information that is focused on identity management and allows IT to follow its users as they move across networks, apps, and devices. To start, IT leaders should find a solid federated identity solution that can extend across all the apps and devices users need, while allowing them the convenience of a single-sign-on solution. Such solutions eliminate the need for users to have multiple accounts and passwords for every app and device, which creates numerous points of weakness attackers can target. Next, critical apps that handle sensitive data should be secured even further, ideally by using multi-factor authentication. Lost or stolen devices are also a serious threat, so whatever identity solution IT selects should ideally include the ability to locate, lock, or erase lost or stolen devices. Finally, it should be easy to both assign and revoke credentials to users. Automating the provisioning and deprovisioning process is ideal, but at the very least there should be a specific individual in charge of tracking users’ access to apps and removing that access upon the employee’s departure.

  • Survey: How Wearables and IoT Are Impacting BYOD
    ZDNet (11/09/15) Matteson, Scott

    A majority of companies now use bring your own device (BYOD) policies in the workplace. These new concepts, ranging from wearables to personal employee-owned phones, have the potential to further influence and change the BYOD trend by making it more complex. A survey from Tech Pro Research found that nearly three-quarters of organizations allow BYOD, with security concerns ranking as the biggest impediment to implementation. IT and educational companies were most likely to permit BYOD and the government was the most likely to prohibit it. Smartphones and tablets were the most common devices. Small companies were the most likely to have included Internet of Things (IoT) devices in their BYOD plans. Interestingly, 78 percent indicated that BYOD policies had no effect on IT costs. Securing these devices remains a sticky issue for many companies, but the improved communication, better organizational capabilities, and enhanced productivity are causing many companies to overlook the negatives and focus on the immediate positives.

  • 4 ‘Gotchas’ That Could Derail Your Front Entrance Security Upgrades
    Campus Safety Magazine (10/15/2015)

    When deciding on campus entry solutions, there are several criteria that organizations may not consider. Before installation, purchase decisions often consider security, aesthetics, and return on investment (ROI). After the new entry solution is installed, then throughput, training, service, and safety must be priorities. Throughput involves how quickly authorized individuals can enter; organizations should carefully calculate the requirements for their entrances, including rush hour periods, deliveries, and wheelchairs. Training is important for long-term success, and should be provided by manufacturers for their products, along with some form of certification. During and after installation, the level of service can affect continued operations and ROI. Before the purchase of an entry solution, organizations should ask how a product prevents entrapment or contact, and how it responds to those events. Campus culture is another factor to consider when implementing a new entry solution, such as how concerned people are for their personal safety, and whether high employee or student turnover requires recurring training.
