According to McAfee Global Threat Intelligence, “malicious URLs, viruses, and malware have grown almost sixfold in the last two years, and last year saw more new viruses and malware than all prior years combined.”
In its latest report, Threat
Predictions 2012, the global team of security experts at M86®
Labs states that, “targeted attacks
will increase next year with a higher level of complexity, exploiting stolen
digital certificates, using zero-day attacks [software vulnerability exploits
for which security fixes from the vendor are not yet available] and multi-stage
Security is an increasing priority at organizations
worldwide, and it’s no longer confined to the server room walls. Instead,
managing security and privacy involves everyone at your organization. But as
threat levels rise and more viruses attack your systems, are you doing
everything possible to control security threats?
What Your Tech Team
Let’s begin with your tech team and one of the most
vulnerable areas, email. When people at your organization communicate corporate
information within an email, this data is often loosely secured. To help
secure these communications, you should employ systems, hosted either externally or
on-premises, that offer a way to contain the project and communication channels.
Examples include ApolloHQ, BaseCampHQ, FreedCamp, GoPlanApp, Central Desktop
Also, you should implement technologies that scan all mailboxes and transports for keywords that may indicate an intellectual property breach—and monitor the data carefully. For file exchanges, use an outside file repository with a logging component, like Dropbox or Google Docs. That way, you can track current and historic access to, and use of, each file.
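As an added illustration of the keyword scanning described above (this code is not from the article), the following Python sketch checks a message's subject, text body and attachment names against a watch list and flags it only when it is also addressed outside the organization. The internal domain, the watch-list terms and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed values for illustration; neither comes from the article.
INTERNAL_DOMAIN = "example.com"
WATCH_TERMS = ["confidential", "source code", "product roadmap", "patent draft"]
PATTERN = re.compile(r"\b(" + "|".join(map(re.escape, WATCH_TERMS)) + r")\b", re.I)

def text_parts(msg):
    """Yield the subject, decoded text bodies and attachment file names."""
    yield msg.get("Subject", "")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            yield name  # attachment: check the name, not the binary content
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            yield raw.decode(part.get_content_charset() or "utf-8", "replace")

def scan(raw_message):
    """Return external recipients, watch-list hits and whether to flag for review."""
    msg = message_from_string(raw_message)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = sorted(a for _, a in rcpts
                      if a and not a.lower().endswith("@" + INTERNAL_DOMAIN))
    hits = set()
    for text in text_parts(msg):
        flat = " ".join(text.split())  # so a term split across lines still matches
        hits.update(m.group(1).lower() for m in PATTERN.finditer(flat))
    return {"external": external, "hits": sorted(hits),
            "flag": bool(external and hits)}

def build(to, subject, body, attachment=None):
    """Construct a sample message (test data, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", to, subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

LEAK = build("partner@vendor.example", "Q3 plans",
             "Attached is the product\nroadmap.", "patent draft v2.docx")
INTERNAL = build("bob@example.com", "Confidential: salary review", "See notes.")
CLEAN = build("partner@vendor.example", "Lunch", "Noon on Friday?")
```

Keyword matching of this kind is a tripwire for human review: it does not see inside binary attachments or encrypted mail, so flagged messages still need the careful monitoring the paragraph above calls for.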
If you are not already doing so, encrypt connections with
SSL/TLS certificates whenever possible and implement a spam filtering
system, such as SPAMfighter Pro, Cloudmark DesktopOne Pro, Barracuda or
MailWasher Pro 2012, to help protect against email viruses, spam and phishing
attempts.
To control the distribution of, and access to, your intellectual
property, consider using a Secure FTP service on premise. This encrypts
commands and data so that private information is protected while being
transmitted over the network.
At the same time, implement firewalls and load balancers
in front of your Web farm to inspect packets and connections from Website
visitors. By doing so, you can optimize resources and avoid overload, while
blacklisting offending visitors who try to infiltrate your system.
These are just a few examples, and you should always be looking for new ways to increase security levels at your organization. But this is not enough. While you can take all of the precautions necessary using the latest technology advancements, none of this will do much good if you don’t communicate security concerns and procedures with your entire organization.
What Employees Can Do
While security issues may come as second nature to you, remember
that employees outside your department are focusing on their core priorities and goals for the organization—not yours. With
this in mind, create processes to educate employees about threats, viruses and
security vulnerabilities within your organization. Start by setting up departmental
meetings to discuss privacy issues and what all employees can do to help the
company stay secure.
You may begin by reviewing Website and email processes.
If you have a system by which you track everything your employees do online, be
sure to let them know. This will cut down on unnecessary Web surfing, personal
emails and other online activities that take away from productivity and produce
a potential threat to the organization’s security.
Also inform employees about email attachments. While you
may have systems running that do not allow potentially unsafe or private
attachments to be opened, employees may be unaware of the risks involved.
Let staff know that you have security processes in place,
but it’s up to them to carefully review attachments or run them through
anti-spam software prior to opening them. Also, remind them to contact your
department whenever they receive a strange email or know of a potential
Once the initial educational process ends, don’t stop
there. Create an ongoing learning process to keep security top of mind. This
may include monthly meetings or newsletters that review current threats and
activities, the latest technologies the company has implemented and other
important security notes.
New hires should be notified of rules and expectations at
the beginning of their employment to prevent bad habits from forming that may
jeopardize security. You may even consider creating contests or special events
to build awareness about security and privacy issues at your organization.
While you can use all of the technologies available to
avoid security threats at your organization, that is not enough. Your efforts
are only as good as the people running and using the processes put in place.
Without a solid team—and respect for each other and the
business—breaches in security and privacy will undoubtedly occur. As a
technology leader at your organization, it’s up to you to create practices that
not only help increase security and privacy, but also inform and educate
everyone involved on a regular basis.
Shane Caniglia is the director of technology at The Rich Dad Company. He can be reached at firstname.lastname@example.org.