
Cybersecurity concerns


Gone are the days when companies could contain their data by ensuring their hardware (and, more importantly, confidential corporate data) remained within their premises when users signed off.

Nowadays, laptops are the norm, and mobile usage is fast overtaking these as the preferred choice of mobile professionals worldwide.

Combined with the increased internet coverage worldwide, not only does that open new markets to companies, but more importantly, it heightens security risks in every organisation. Risks that need to be anticipated and planned for.


Mobile usage now needs to be treated by every company as an integral part of its IT infrastructure, with data and cybersecurity policies in place to mitigate risk. The acronym BYOD (Bring Your Own Device) is now a common phrase, and every company should have a clear security strategy to deal with this. Remember that there are currently over three billion smartphones in use throughout the world.

There is no standard IT security procedure that can be used for all companies. Security risks are defined by many different factors, including the geographical location of branch offices, the partial or full usage of cloud services, and the access made available to users throughout the company. But two common factors can be applied to all corporate entities, and need to be carefully considered and regularly reviewed: users and in-house computer professionals.

Firstly, the user. By now every company should have a clear IT User Policy document that has been distributed to all users as part of their employment contract, and discussed and clarified so that all users are aware of the risks of misuse of the corporate IT infrastructure.


It does not matter that you have the best-of-breed security technology; your users are always the weakest link. User training must be a key part of your security strategy. Users must be educated on how to think and act about security risks, both internal and external. Remember, this policy and subsequent user education is an ongoing process. For example, consider the recent ransomware attacks that were encountered worldwide. Malawi did not come out unscathed. How many of your IT staff or users knew what ransomware was before it happened?

The responsibility of IT professionals is leaning more and more towards becoming proactive troubleshooters about cybersecurity. By the way, this happens to be one of the fastest growing IT career choices. Currently, security professionals seem to prioritise issues around backup and disaster recovery, for example, how quickly they can get their organisation up and running following hardware, software or communications failure.

Whilst, yes, this is an essential part of their responsibilities, the question they need to ask themselves is what new risks are possible – on a daily basis. Networks are very dynamic, and installing a new piece of equipment or software, or even patching software or applications, can change the security situation overnight. By the way, do not forget that old or scrapped hardware can still constitute a security risk.

Dispose of equipment carefully and, if necessary, physically destroy devices such as hard drives. Security professionals advise that the most common mistakes of IT staff are overconfidence and a false sense of security.

With regard to passwords, a recent report carried out by the Wall Street Journal has shown that the currently adopted standard password practice of using a letter, a number, an uppercase, and a special character isn’t useful, and neither is the recommendation of changing your password every 90 days.

Apart from that, it is very frustrating for the user, especially with the number of applications currently used by the standard user. I currently have three bank accounts, and numerous email addresses.

The frustration of changing these frequently is heartfelt – and having to record these somewhere constitutes a security risk. Roll on biometrics and further joint development work that will enable biometric-enabled hardware to be recognised and trusted by financial and other systems for easier access.

In the interim, the current best practice advice is now that users should build passwords consisting of four random words strung together – easier to remember and harder to crack. Organisations should also seriously consider using two-factor authentication on the systems they offer users and the public.
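
Added example, not part of the original column: a Python sketch of building a four-random-word password as advised above, showing that "harder to crack" depends on the words being picked at random and on the size of the word list. The word list, the function names and the 64-bit target are assumptions made for the illustration.

```python
import math
import secrets

# Constructed 32-word sample list, for demonstration only. Real use needs a
# list of thousands of words (the EFF long Diceware list has 7776).
SAMPLE_WORDS = (
    "anchor basket candle dragon ember falcon garden harbor island jungle "
    "kettle lantern marble nectar orchid pepper quartz ribbon saddle timber "
    "umbrella velvet walnut yonder zephyr amber bridge copper meadow pillow "
    "rocket sunset"
).split()


def generate_passphrase(words, count=4, sep="-"):
    """Join `count` words drawn independently and uniformly with a CSPRNG."""
    unique = sorted(set(words))  # duplicates would skew the distribution
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(count))


def passphrase_entropy_bits(list_size, count=4):
    """Bits of entropy, valid only when the words are picked at random."""
    return count * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest word count that reaches `target_bits` for this list size."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 2048, 7776):
        bits = passphrase_entropy_bits(size)
        print(f"4 words from a {size}-word list: {bits:.1f} bits")
    print("words for 64 bits from 7776:", words_needed(7776, 64))
```

Four words chosen by the user from memory, or drawn from a short list like the sample one, do not reach these figures; the strength comes from random selection out of a large list.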
