Tech Tuesday – Security Flaws

by Frank Roche on September 28, 2010

in KnowHR

You have a big security problem right now.  What?  You have the best antivirus software on all of your employees’ computers?  Sure, that’s awesome.  You have closed off all unnecessary ports on your servers, and your data provider’s physical access protocols are top-notch?  That’s a great start.  Your laptop’s data is encrypted and you’ve installed Undercover?  Well, at least you’re getting warmer.

Crackers know that there are two approaches to getting secure data.  One of them involves using highly technical knowledge to exploit software flaws and breach computer security.  Most companies know about this approach, and do their best to forestall those breaches.  The other is far less likely to be on your mind when designing security measures, but is a much more significant problem.

Your greatest security weakness is your employees. That’s right.  Security problems almost always start with employees giving away information they shouldn’t.

Here are some common scenarios:

  • Employees often select weak passwords.  The most popular account password is still “123456”.
  • Users sometimes give passwords to people they don’t know.  Maybe someone calls you saying he is a sysadmin.  Would you give him access to your computer?
  • Employees click on email attachments from people they don’t know, or look at sketchy websites.  Most viruses are installed based on some action the user has performed.
  • Wanting to be polite, people can be fooled into opening a door for someone who should not have physical access into a locked building.
  • Network users may “share” access to private documents unwittingly.  This is fairly common on open wireless networks.
  • There are other great examples here.

What can I do?
Don’t go firing all of your employees!  These problems can be fixed.  The most important thing to do is educate all of your employees on secure behavior.  Secure behavior must be approached from two angles: 1) IT security policies, and 2) employee education.  For example, you don’t want to create a secure password policy, and still have your employees write their passwords down on a sticky note on their desk.

Here are some simple security policies you can employ:

  • Have your employees create a password that is at least 8 characters long (longer is better, of course), consists of upper- and lower-case characters, and has at least one special character.  Then, require employees to change it regularly.  Finally, make it so that no one can see these passwords in plain text.  If someone forgets theirs, they must use a reset process.
  • All of your employees must know they should never give their network password to anyone, not even someone claiming to be from your company.  Your administrators must never ask employees for this information; if they need to log in as the user, they should have the employee do so for them.
  • This should go without saying, but you should advise employees never to open email attachments from people they don’t know, or click on links they aren’t sure about.  In addition, robust antivirus software is a must.
  • As painful as it is to be impolite, employees must be trained not to let people into the building who are unknown to them.  It is even better if you can employ security people for the main entrance.  Employee training should include not leaving the “smoking” door propped open.
  • Have IT set the default sharing settings on employee computers, and explain the consequences if these settings are changed.  Obviously, an open wireless network is an issue and should not be allowed.
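
For the IT side of the first policy above, here is a sketch of how the password rules and the "no plain text" requirement can be enforced together. It is an example added to this post, not code from any particular product; the function names, the use of PBKDF2, the round count, and treating ASCII punctuation as "special characters" are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8             # the post's minimum; longer is better
PBKDF2_ROUNDS = 600_000    # assumption: work factor picked for this example


def policy_violations(password):
    """Return the rules from the policy above that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case character")
    if not any(c.islower() for c in password):
        problems.append("no lower-case character")
    # Assumption: "special character" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def store_password(password):
    """Enforce the policy, then return (salt, digest) to store.

    Only the random salt and the derived digest are kept, so nobody
    reading the account database sees the password in plain text.
    """
    problems = policy_violations(password)
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Check a login attempt against the stored salt and digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison
```

Because only a one-way digest is stored, a forgotten password cannot be looked up by anyone, which is why the policy pairs this with a reset process.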

Properly educated employees are also your best security asset
There are hundreds of other ways for a skilled person to use social engineering to gain access to your confidential data.  You can’t plan for all of these.  Given adequate security training, however, employees should be trusted to make reasonable judgements about situations that are worrisome.  If they have questions, encourage them to speak to their managers or IT.
