While setting up a security plan for a particular network, the big picture usually gets covered while small details that might prove crucial later are ignored. If these minute areas are ignored, the cybersecurity belt will never be foolproof. Here are seven such areas that usually escape IT security officers' notice, but which they should make sure are covered to ensure the utmost security against cyber attacks:
1. Keep tabs on your own people:
This area is called advanced persistent threat. In the security chain, the weakest link is the end user. Some people are aware that no IT security policy will ever be applied to them, and they exploit this vulnerability. IT security officers should never allow this gap to arise and, complying with security policies, should enforce the policies on everyone, irrespective of who they are.
2. Escalation process should be appropriate:
Whenever a warning of an impending issue arises, it should not be ignored. Yet these alerts are often the ones ignored most, leading to bigger problems. Sometimes the person who receives the alert doesn't have the authority to escalate it for further investigation. Sometimes they are also unable to locate the people who have the necessary authority. That is why a disastrous consequence cannot be avoided. If immediate action were taken at the very beginning, the devastating consequences could be avoided too. So it's very important that every staff member knows to whom an alert has to be escalated, so that proper action is taken as soon as the smallest sign of trouble arises.
3. Additional authentication:
It's quite necessary but ignored most of the time. If some operation requires more than two people and one of them is not present to launch the operation, then the other person should have dual authentication access so that the operation is not delayed. The authentication system should be appropriate every time.
4. Have control on downloads:
IT security professionals should be very alert about which software employees install. Keep certain limitations on admin rights on laptops, desktops and servers. There are many commercial products on the market that employees can download seamlessly. It's the IT security professionals' responsibility to check that a machine is maintaining the ethics of a work environment.
5. Keep track of open source technologies through documentation:
A white list is popular but not always sufficient. A proper request for new software products and applications is required before installation. If open source components are in use, then proper tracking is also required. Several software applications are partially or fully based on open source code. If a component's source is not known, assessing the risk gets tough and vulnerability becomes higher.
6. Have control on using company's equipment:
Users' web browsing capabilities must be controlled both inside and outside the premises if company property is used. Employees might not like web filters, but compromised sites have their own vulnerabilities, which are not apparent all the time. If you are supposed to protect your network, you have to be strict about Web browsing practices, without any exception.
7. Put a lock on the browser on take-home machines:
Web filters are used in most cases in corporate networks. Some use client-side Web filtering and restrict uses of a computer when a laptop or tablet has to be carried home and used over a private network. Though employees do not like this filtering, it has to be implemented for the good of all, including those employees.
S.B., CLICK.me
Saturday, January 31, 2015