Protecting Corporate Data
There was a time when the biggest privacy concern an employee had
was someone reading over their shoulder. But as companies rely ever
more on IT systems that enable workers to communicate and collaborate
with clients and corporate peers anywhere in the world, the chances
of a hacker compromising those systems increase exponentially.
Unfortunately, there is no single magic security bullet. Ensuring
company security is now a multi-faceted strategy that falls under an
organization’s overall IT security infrastructure.
Information of all kinds can be found in the corporate workplace
these days:
Employers need to make sure all three areas are protected from
hacking or theft. The best approach is a combination of software
solutions and employee education.
Network Access Protection
A number of different
developers and manufacturers have developed technology solutions in
an area known as Network Access Protection (NAP). The idea behind NAP
is basic: to protect business computers from malware and to ensure
that they minimally comply with organizational standards before they
can access shared network resources; in other words, to keep out
external enemies without restricting an employee’s ability to
conduct business.
While your employees may be using state-of-the-art programs and
operating systems on their work PCs, they may need remote access
from other locations. The world is full of home or remote computers
teeming with spyware or other backdoor threats that can at best
access and at worst steal all kinds of personal or work-related
information. NAP systems try to ensure that this unwanted software
stays off any machine accessing corporate resources.
NAP works by acting as a kind of cyber insurance. It enables a
company to define an outside computer’s “health” requirements,
such as running up-to-date operating systems. Once the list of health
requirements is set, NAP prevents access to any computer not in
compliance.
While handy and a good first line of defense, NAP does not stop
hackers – if a hacker’s computer meets the health requirements,
it is allowed access. So second- and third-line defenses are
necessary. Among the most common are firewalls, which act as security
sentries, only allowing authorized data to pass through, and
intrusion-detection and intrusion-prevention systems, which look for
the telltale “signatures” of malware and block it.
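An added example, not part of the original article and not any NAP product's API: a minimal Python sketch of the health check described above, including the case where a compliant machine is admitted regardless of who operates it. The policy fields, thresholds and sample statements are assumptions constructed for illustration.

```python
from datetime import date

# Hypothetical policy; field names and thresholds are assumptions for illustration.
POLICY = {
    "max_patch_age_days": 30,        # OS security patches applied within this window
    "max_av_signature_age_days": 7,  # anti-virus definitions no older than this
    "require_firewall": True,
}

def evaluate_health(statement, policy=POLICY, today=None):
    """Return (decision, failed_checks) for a client's reported health statement.

    Missing, malformed or future-dated fields count as failures (fail closed).
    """
    today = today or date.today()
    failures = []

    def too_old(field, max_days):
        value = statement.get(field)
        if type(value) is not date:
            return True
        age = (today - value).days
        return age < 0 or age > max_days

    if too_old("last_os_patch", policy["max_patch_age_days"]):
        failures.append("os_patches")
    if too_old("av_signature_date", policy["max_av_signature_age_days"]):
        failures.append("antivirus")
    if policy["require_firewall"] and statement.get("firewall_enabled") is not True:
        failures.append("firewall")
    return ("deny" if failures else "allow"), failures

# Constructed sample statements (not real telemetry).
TODAY = date(2024, 6, 15)
HOME_PC = {"last_os_patch": date(2024, 1, 2),
           "av_signature_date": date(2024, 6, 14),
           "firewall_enabled": False}
# Healthy machine whose owner is unknown: the health check alone admits it,
# which is why the firewalls and intrusion detection/prevention layers remain necessary.
HEALTHY_UNKNOWN = {"last_os_patch": date(2024, 6, 10),
                   "av_signature_date": date(2024, 6, 15),
                   "firewall_enabled": True}

if __name__ == "__main__":
    for name, stmt in [("home_pc", HOME_PC), ("healthy_unknown", HEALTHY_UNKNOWN),
                       ("no_statement", {})]:
        print(name, evaluate_health(stmt, today=TODAY))
```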
Other valuable security measures include:
Anti-virus software
Enforcing a company-wide security policy that includes employee education
Regularly updating operating systems to keep security patches up-to-date
Limiting employee rights and permissions to install software on their own PCs
Limiting network services and only installing essential features that will be updated regularly
Limiting employees to software directly used in their jobs
Having a knowledgeable and vigilant work force is another key to
business security. Rather than burying employees under a barrage of
rules and regulations, sometimes the most basic practices can be the
most valuable.
First and foremost is to stress the importance of not giving out
passwords and user names – to anyone. Explain how sharing company
passwords and usernames is the corporate version of handing out a
bank account number or debit card code to a handful of friends – it
is inviting theft.
Some companies have policies that require employees to change
their passwords monthly.
However, there are IT security experts who think that, while well
intentioned, the rule may be counter-productive. Constantly changing
passwords makes it more likely the employee will forget what the
latest password is. That leads to them writing the password down
somewhere, which creates an increased security risk.
The better solution is educating workers on how to create a super
secure password that they keep for an extended period.
The best passwords:
Have a combination of letters and numerals
Have at least 8 characters
Are NOT based on personal information such as a birthday or anniversary date
A number of systems now support extremely long passwords. This
allows employees to use whole sentences for their passwords.
Passwords of this length are much more difficult to crack.
Employees also need to be educated on the importance of limiting
the software on their computers and the rarely used features of the
software they do have. What sounds a bit Draconian is actually a
preventative measure – rarely used software and features are less
likely to be updated with security patches, thereby increasing overall
risk.
By developing, implementing, and enforcing a multi-tiered IT
security policy, you can protect company security without sacrificing
productivity or breaking the bank.