Internet Security Ignorance Leads To Critical Data Leak Challenges

Data Leak

What happens when you forget to lock the doors before going out of town for the weekend? The lock itself is not going to protect your house unless you use it. The same applies in the cyber world.

At times people tend to be lethargic about their security, thinking their laptop doesn’t have anything that a hacker might want. But when the same laptop, with compromising backdoors and infections, enters a corporate network and establishes connections with several other users and servers there, it becomes a bridge, a catalyst to bigger catastrophes.

Individual users and network administrators must never forget that their best hardware and software protection can be thwarted by a single user who is lazy about his system’s security. They must always be mindful of the following to fight the challenge of data leak due to ignorance.

Hardware Firewalls

If you have a number of users to handle and your budget allows, always go for a good hardware firewall which allows centralised network security. It reduces the dependence on the security-related skills and awareness of individual users.

They may still have software firewalls installed on their computers, but if they do not keep them upgraded, or give an uninformed or misjudged response when their firewall asks them to permit an activity, they may compromise the network. In that case, a centralised hardware firewall maintained by an expert provides better protection to the network.

Policy-Based Email Encryption

Taking the responsibility away from users to judge which emails should be encrypted, the administrators should, whenever possible, enforce policy-based encryption which automatically encrypts every email correspondence whenever it is required.
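A sketch of how such a policy decision can work at a mail gateway, as an added example that is not from the original article or any product it mentions. The rule values, addresses and function names are constructed for illustration; the point it shows is that the gateway, not the sender, decides, and that it blocks rather than sends in cleartext when a required key is missing.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed policy values; a real gateway would load these from admin config.
ENCRYPT_DOMAINS = {"partner.example"}
SENSITIVE = [
    re.compile(r"\b(?:\d[ -]?){15}\d\b"),             # 16-digit card-like number
    re.compile(r"\bconfidential\b", re.IGNORECASE),
]
# Constructed sample message.
SAMPLE = ("From: alice@corp.example\nTo: Bob <bob@mail.partner.example>\n"
          "Subject: Q3 plan\n\nSee attached.\n")

def recipient_addresses(msg):
    """All To/Cc/Bcc addresses, lower-cased."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def domain_matches(addr, domains):
    """True if the address domain is a listed domain or one of its subdomains."""
    domain = addr.rpartition("@")[2]
    return any(domain == d or domain.endswith("." + d) for d in domains)

def body_text(msg):
    """Join the text parts (not transfer-decoded) so content rules see them all."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_maintype() == "text")

def decide(raw_message, keys_available):
    """Return (action, reason); action is 'send', 'encrypt' or 'block'."""
    msg = message_from_string(raw_message)
    rcpts = recipient_addresses(msg)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    reason = None
    if any(domain_matches(r, ENCRYPT_DOMAINS) for r in rcpts):
        reason = "recipient domain requires encryption"
    elif any(p.search(text) for p in SENSITIVE):
        reason = "sensitive content detected"
    if reason is None:
        return ("send", "no rule matched")
    missing = [r for r in rcpts if r not in keys_available]
    if missing:
        # Fail closed: never fall back to cleartext when policy demands encryption.
        return ("block", "no key for " + ", ".join(missing))
    return ("encrypt", reason)

if __name__ == "__main__":
    print(decide(SAMPLE, {"bob@mail.partner.example"}))
```
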

Password Policies

This is always the first stop. Each and every user should take upon themselves the responsibility of protecting their passwords. Simple measures include keeping passwords hard to guess. If your current password is a variant of your mother’s maiden name, it falls into the category of the easiest passwords to guess. Audit your passwords using utilities like howsecureismypassword.net.

Also if you are in the habit of using a single password for a number of services, make sure you don’t have any orphan/unused profiles or accounts on sites which are just waiting to be hacked by someone. Delete all such information about yourself from the net.

Wi-Fi

Make sure your corporate Wi-Fi network range is confined within the office premises. Use directional antennas to keep it from being accessible to a piggybacker. Also ask the users to keep their residential Wi-Fi on WPA2 encryption. You can’t expect individual users to know how to use directional antennas, or to care about them, but WEP encryption is an absolute invitation to trespassers.

Devices

If possible, schedule periodic security audits of users’ mobiles and devices, and offer them as a help. Individual users themselves should realise that devices are becoming more and more powerful and are used for the most security-critical tasks, like bank transactions. If a mobile phone or a device has, for instance, a malicious key logger, not only will it cause great strife to the user, it will also create all sorts of precarious situations for the network it accesses.

In a multi-user environment, to eliminate the threat of losing critical data due to one user’s ignorance regarding security issues, apart from the measures discussed above, it is always a good idea to keep giving yourself and the users general security awareness reminders: not using borrowed external drives in the office, not opening grey sites, not exchanging official hardware without clearing it of all critical information, not lending your system to anyone, keeping a separate system for personal use if possible, and so on.

Saimara Rogers

Samaira Rogers is a security geek and very passionate about security software and Internet technologies. She spends most of her time reading about emerging technologies and the latest software, and also maintains her own blog. Samaira loves participating in the social Web and has been active in social forums.

  • TheGreenBow Software

    Rules defined by administrators to force encryption when sending to a specific domain are valuable. However, additional rules should be possible to adapt to local business constraints. For example, all emails to my new partner must be encrypted.

    Those are features we scheduled in CryptoMailer. Any thoughts?

  • Gaudis Perrot

    We were looking for one platform for our users to manage their web projects from, something along the lines of a CMS and portal. We found Centralpoint by Oxcyon. At first we had our doubts because we thought the software was for the healthcare industry. Security was one of our biggest concerns but we knew if Centralpoint was used in the healthcare field that it would have a way to create roles and permission securely. Centralpoint made the transfer of data easy. It was nothing like the base model of other systems. It included things like taxonomy, rights management, Data Warehousing, Single Sign On, and Email Broadcasting. We found that Centralpoint was the right alternative for us.