Some Notes from our Security Seminar

Thanks to everyone who came to our security seminar on Wednesday. It was great talking with everybody about the latest trends in security. Check out our slide deck here (PDF) if you’d like to refresh your memory.


We particularly enjoyed the conversations we had following the presentations during the Q&A time, so we wanted to share them here.

Q: I have customers and employees who are using their phones on our WiFi network. Should I be concerned?

Yes. When you visit a Starbucks and hop on their wireless network, do you think you have access to their corporate intranet? Of course not.

Your business should treat wireless in the same way: as a separate, guest network. By doing so, you can protect your data and your resources. Phones can wreak havoc on your wireless network, and even legal uses like streaming music and video require a lot of bandwidth. Worse, some phones–especially Android phones–may carry malware that could compromise your network. Don’t risk it.

Some of our customers set up a DMZ for wireless access, creating a gated community for WiFi traffic. Others set up a completely separate line to serve wireless devices.

Q: What about plugging mobile phones into a computer to charge them?

Like any other USB device, phones can pose a security risk to your network. In fact, some customers disable USB ports on network-attached computers entirely to avoid these kinds of threats.

Wall chargers are safer and, in many cases, faster than charging by computer.

Q: Some of the steps we take to improve network security are unpopular with employees and, at times, ignored. Any advice?

In our experience, this is not a battle IT can fight alone. By getting Human Resources involved in the education — and enforcement — process, it’s easier to make the case that security measures are important, not arbitrary. Take the steps necessary to ensure compliance, and formalize the process so your expectations are clear. Circumventing security should be a dismissible offense.

Q: Our off-site backup solution involves carrying a tape backup or drive home with me. Does it still need to be encrypted?

Absolutely, yes. Savvy thieves will know that the hard drive in your purse or briefcase may be worth far more than the cash in your wallet. Unencrypted drives are easy to mount, making critical data easy to access.

Q: Some of our employees share terminals — and passwords. Should I be concerned?

It depends. We talked a bit about how hackers use “lilypad” tactics to make it difficult for people to track them. If there’s a breach, it’s more difficult to find out what happened when employees are sharing terminals and logins. But there isn’t necessarily a problem, so in some cases it may be enough to simply be aware of which computers/logins are being shared and take the appropriate precautions.
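
One way to build that inventory of shared logins and terminals, as an added example that is not from the seminar or the slide deck. The log format, account names and terminal names are constructed for illustration; adapt the parser to whatever logon records your systems export.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real logs): time, event, account, terminal.
SAMPLE_EVENTS = """\
2024-03-04T08:01:10 logon  frontdesk  TERM-01
2024-03-04T08:03:42 logon  asmith     TERM-02
2024-03-04T09:15:00 logon  frontdesk  TERM-03
2024-03-04T12:00:05 logoff frontdesk  TERM-01
2024-03-04T12:30:00 logoff asmith     TERM-02
2024-03-04T13:02:11 logon  bjones     TERM-02
2024-03-04T17:00:00 logoff frontdesk  TERM-03
2024-03-04T17:05:00 logoff bjones     TERM-02
"""

def parse_events(text):
    """Yield (timestamp, action, account, terminal) from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, action, account, terminal = line.split()
            yield datetime.fromisoformat(ts), action, account, terminal

def sharing_report(text):
    """Return (logins active on several terminals at once, terminals used by several logins)."""
    open_sessions = defaultdict(set)      # account -> terminals with an open session
    shared_logins = defaultdict(set)      # account -> terminals it was active on together
    terminal_accounts = defaultdict(set)  # terminal -> every account seen on it
    for _, action, account, terminal in sorted(parse_events(text)):
        if action == "logon":
            open_sessions[account].add(terminal)
            terminal_accounts[terminal].add(account)
            if len(open_sessions[account]) > 1:  # same login live in two places
                shared_logins[account] |= open_sessions[account]
        elif action == "logoff":
            open_sessions[account].discard(terminal)
    shared_terminals = {t: a for t, a in terminal_accounts.items() if len(a) > 1}
    return dict(shared_logins), shared_terminals

if __name__ == "__main__":
    logins, terminals = sharing_report(SAMPLE_EVENTS)
    for account, terms in sorted(logins.items()):
        print(f"login {account} active on several terminals at once: {sorted(terms)}")
    for terminal, accounts in sorted(terminals.items()):
        print(f"terminal {terminal} used by several logins: {sorted(accounts)}")
```

A login that is live on two terminals at once points to a shared password, while a terminal with several logins is a shared workstation; both are the places where tracing activity back to one person will be hardest after a breach.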



Finally, here are some of Kurt’s favorite security resources: