Security Jungle - Part 2 of 3

In Part 1 of this series, we outlined security best practices for home users that are easy to follow.
[Based widely on the “COBIT Security Baseline” – ITGI.ORG]


Security Risks

Corporate users are exposed to more serious security threats than home users. They are also responsible for maintaining and following corporate policies as implemented by their company’s security groups.

Smaller companies unfortunately do not have the capacity to employ a security group and most security controls are missing. Most owners’ security awareness goes as far as Antivirus on the desktop and possibly a hardware firewall/router at their Internet gateway. Hardening steps are non-existent and default passwords have never been changed.

The company relies on its employees to protect and safeguard Confidential and Internal information. The use of portable devices, such as laptops, USBs, CDs, DVDs, Palms, Smart Phones, has introduced new risks to corporate data. Once the employee walks out the door, corporate data leaves with the employee and is now susceptible to loss and theft.

Social engineering is on the rise again and dumpster diving is a real threat.

So what are the basic steps to security every employee should know?

Familiarize yourself with your company’s security policies

Most companies’ policies are posted on the internal network and available to you. Make sure you review the security policies when you are hired. Employees are held liable for security ‘misconduct’.

Be alert for security breaches and report security incidents

‘Out of the ordinary’ behavior is an indication of a possible security problem. Ask for guidance. Always keep your security officer’s phone handy.

Handle corporate information with care

Corporate information is for internal use. Once taken off premises, it becomes confidential and should be encrypted. The company trusts this information in your hands. Do not use it for personal purposes. Do not share corporate information.

Secure portable devices and storage media

Do not store corporate information on such media. Ask for an encryption program to protect the information. Do not share your company’s laptop. Do not plug it into your home network without proper protection.

Use email and other software tools only for business use

It doesn’t matter if you receive unwanted email. Don’t forward jokes and other material. Anything you write will be held and used against you if necessary years later.

Find out and use corporate data destruction policies

Destroy the data on media before shipping it outside of the company. Keep or destroy hard disks when the computer is decommissioned.

Canada’s Privacy Officers may impose penalties of up to $100,000 on companies that do not take the basic precautions to protect customer data (personal and financial data). We have all seen our top Canadian Banks in the headlines for stolen client information. Yours and mine. This is the sort of publicity no company wants.

For a minimal investment, security companies can guide you through the process of securing your data and implementing the exact amount of security your company needs. Seek the advice of a security expert!

Security is your Insurance!
