home    |    contact us    |    reader services    |    Bookmark Us

Atlanta Business Events

» event calendar

Current Issue

November / December 2008

Mount Sustainability
It's higher than Everest, says the Atlanta businessman who, more than any other capitalist, has been scaling it for more than a decade. And he says time is short before humankind plunges into the abyss.
In For The Long Haul
With a diverse and expanding portfolioin an imploding economy, HD Supply is not only built to weather an economic firestorm, but to grow as well. CEO Joe DeAngelo doesn't know any other way.
Changing The Health Culture Of Your Workplace
Employers are feeling the pain of high healthcare costs ... and they're doing something about it.
CatalystMag.com's Top 25 Entrepreneurs + Ones To Watch
Find out who made the list!
» more
Home  | Insights  | Insights into technology - Preventing data loss

Archives

» more

» more

» more

print-friendly version
discuss this story
bookmark this page
related content

Insights into technology - Preventing data loss

Ryan English

August 1, 2008

 
sponsored by:
A s security threats of corporate networks and databases are at an all-time high, recent studies indicate most data breaches could have been prevented with reasonable security precautions. Corporate executives and security managers mustn't delude themselves into thinking they are secure.

Here are the top IT security threats, and how to guard against them:

1. Web application exposure. Web application vulnerabilities such as broken access controls and failure to properly validate inputs are threats to any organization that has a Web site, especially those that collect confidential consumer data such as credit card, social security, and drivers' license numbers. Employ a qualified security assessor to evaluate the security vulnerabilities of Web applications at least annually or any time there is a new release or major change to the application.

2. Wireless networks. Most wireless networks are installed without wireless access points being properly configured to prevent unauthenticated users from accessing the corporate networks. Become aware of any unauthorized wireless access points and shut those down immediately. Make sure wireless access points are secure. Annual wireless security assessments are recommended.

3. Ineffective firewalls. A firewall that is improperly configured or is more than a year behind in patching is as good as having no intrusion prevention system at all. Organizations should assess the current security, policies and patch levels of firewalls on a routine basis. Install patches as soon as they are available.

4. Server configuration and patching. Externally facing servers often are running older versions of software that are more easily accessible to hackers. Regularly scan all network devices and servers to check current patch levels and identify potential security vulnerabilities. Keeping patches current can lessen the likelihood that a malicious attacker could compromise the device or that they could be infected with malware.

5. Social engineering. Phishing emails and phone calls are all it takes for an attacker to gain the confidence of unsuspecting personnel who will divulge confidential information. Conduct security awareness training with employees once a year to educate personnel on dangers of social engineering, preventing unauthorized access to facilities, and the organization's policies for disseminating confidential information.

6. Malware. Malware is malicious software that infiltrates or damages an organization's computer systems. It includes computer viruses, worms, Trojan horses, rootkits, spyware, dishonest adware, and other malevolent and unwanted software. One industry source estimates that more malware was produced last year than in the previous 20 years. Your organization has exposure to malware if you don't have technology covering anti-virus, anti-spyware, encryption, intrusion detection or malware detection. Organizations should continuously monitor their network devices, firewalls and servers for potential malware. Use monitoring software or outsource the monitoring of security devices to an external security company to identify threats and issue alerts on security events to help identify potential malware attacks.

7. Malicious Web sites. Users can fall victim to phishing attacks or introduce malcode, such as spyware, into their organizations by visiting unauthorized Web sites. Create corporate policies that describe acceptable employee computer usage, such as Web access, downloads, and opening email from unknown senders. Using Web filtering technology will help ensure that users aren't introducing dangerous code into the organization's networks.

8. Mobile devices. Remote and traveling employees pose a major threat and measures should be taken to ensure data loss prevention. Laptops and other mobile devices can be lost or stolen, and along with them go confidential data, and, too often, private customer data. Every mobile device and laptop containing confidential information should be fully encrypted if organizations are to protect fully themselves.

Ryan English is VP of product management at Vigilar Inc.


Related Content:


Loading

Events | Business Resources | Real Estate | Health Care | Economic Development
Reader Services | Newsletters Signup | Terms & Conditions
Contact Us | Advertise with Us | Subscribe
Copyright © 2008 Trans World Publishing, Inc. All Rights Reserved.