Thanks to everyone who came to our security seminar on Wednesday. It was great talking with everybody about the latest trends in security. Check out our slide deck here (PDF) if you’d like to refresh your memory.
Q: I have customers and employees who are using their phones on our WiFi network. Should I be concerned?
Q: What about plugging mobile phones into a computer to charge them?
Wall chargers are safer and, in many cases, faster than charging by computer.
Q: Some of the steps we take to improve network security are unpopular with employees and, at times, ignored. Any advice?
In our experience, this is not a battle IT can fight alone. By getting Human Resources involved in the education — and enforcement — process, it’s easier to make the case that security measures are important, not arbitrary. Take the steps necessary to ensure compliance, and formalize the process so your expectations are clear. Circumventing security should be a dismissible offense.
Q: Our off-site backup solution involves carrying a tape backup or drive home with me. Does it still need to be encrypted?
Absolutely, yes. Savvy thieves will know that the hard drive in your purse or briefcase may be worth far more than the cash in your wallet. Unencrypted drives are easy to mount, making critical data easy to access.
Q: Some of our employees share terminals — and passwords. Should I be concerned?
It depends. We talked a bit about how hackers use “lilypad” tactics to make it difficult for people to track them. If there’s a breach, it’s more difficult to find out what happened when employees are sharing terminals and logins. But sharing isn’t necessarily a problem in itself, so in some cases it may be enough to simply be aware of which computers and logins are being shared and take the appropriate precautions.
Resources
- SANS: Twenty Critical Security Controls for Effective Cyber Defense
- Australian Government: 35 Strategies to Mitigate Targeted Cyber Intrusions
- The Recommended Security Controls for Federal Information Systems and Organizations (NIST SP 800-53)