Security: The Goodwill Virus That Keeps On Giving

The Goodwill Virus

When Caitlyn Jenner officially introduced herself to the world by way of a Vanity Fair cover story in June 2015, the event was unique not only for the groundbreaking content but in the way it was produced. It delivered a very powerful lesson about computer security for corporate decision-makers in all industries. Given that the story was so exclusive, it was written and produced on a single laptop computer that was kept off-line, and separated from networks and the Internet. The finished product was hand delivered, essentially turning the computer back to the type of standalone PC that has become virtually unheard of in the Wi-Fi era.

The extremes to which the Vanity Fair team had to go to ensure secrecy are not, of course, practical in day-to-day business, but they illustrate the gaping holes that exist in network security generally, despite the efforts of a global army of highly trained and knowledgeable security specialists. Whether it is access to an exclusive story or a company’s client list or confidential data, the enemy is not only at the door; it is also relentlessly seeking to break it down, dissolve it, remove it or skirt it. The enemy is always trying to get in.

One of the most significant threats to an organization’s data security comes in the form of human goodwill. Put another way, it is a natural tendency for most people to act in an honest, trusting manner, focused on just getting their work done. This human weakness essentially lurks inside the networks and databases of organizations, passive and innocent, waiting to be preyed upon.

BYOD Security Concerns

BYOD is a perfect example of this. Employees the world over rejoice at the concept of being able to use their own devices to keep up with the tasks, documents and emails of daily life. To access company files from a centralized folder system, or to check calendars and email from a mobile phone, or from a free public Wi-Fi space at a coffee shop or airport, seems to make life a little easier.

Yet these are precisely the types of activities that make IT security specialists cringe. Personal mobile phones seldom have the up-to-date security features required to prevent a hacker from making the leap from that device into the arteries of a company’s central network. A personal smartphone can spend half its time as a business tool, with the other half as a device of leisure. As a result, individual apps and games rub shoulders with sensitive corporate information, and such contact is a fertile breeding ground for infection.

Recharging Stations

Shopping malls, airports and hotels offer charging stations for smartphones. Busy people gravitate to them with relief once they see their battery power start to drain. These same people would never think of taking a drink from someone else’s bottled water. They would never double-dip their tortilla chip at the office party. Yet they do not think twice about plugging their phone into a free, public charging station or hotel docking station. These charging jacks can potentially deliver far more than an electrical charge, though. Like many other points of connection in the world, the task we expect it to do is the only one we think about. In most cases, though, there is far more that it can and will deliver.

Passwords

Innumerable case studies exist of inadequate password maintenance, including passwords not modified after a security sweep and upgrade. People do not see past the immediate task to realize that actions, messages and keystrokes last forever. A bad guy can easily connect a mislaid password to an email, and then to a Facebook posting, building a profile with which they can impersonate someone, or send a distracting or troubling message that opens the door.

Most people are, by nature, trusting and good. This is an exploitable weakness. As a society we have trained our children to be aware of strangers, to be aware of allergy-inducing foods, and to be sensitive to harmful language and behavior in the classroom. Yet the busy-ness of the Workplace has suppressed this vigilance among adults in general. Consequently, we use technological conveniences such as USB drives, insecure phones, and file-sharing technologies to counter the never-ending pressure of time and deadlines.

Corporations must look extremely closely at implementing a separation of personal and corporate devices and information. It may be important, even essential, to respect a BYOD policy as an employee’s right, but the price for such convenience comes in the form of doubled, or even tripled, vigilance and hygiene, paired with regular updates and physical training.

A great deal of the bad stuff that happens to our network systems and our companies is human-made, as opposed to a malignant technical failure. As such, it is up to humans to bolster their immunity not only physically, but intellectually. This demands a higher standard of mistrust and precaution, from the simplest text message, upwards to every activity that follows.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Sangeeta Chhabra

What Accountants Should Know About The Cloud

Cloud Accounting Cloud technology has been at the top of the charts of new-age technologies for a long time now. Almost every industry in the world has started realizing its capabilities and integrating cloud strategies ...
Ajay

Deep learning to avoid real time computation

Avoid real time computation “The underlying physical laws necessary for the mathematical theory of a large part of physics and the whole of chemistry are thus completely known, and the difficulty is only that the ...
Aarti Parikh

Serverless Multi-Tier Architecture on AWS

Serverless Multi-Tier Architecture Multi-tier Architecture Multi-tier Architecture is also known as n-tier architecture. In such architecture, an application is developed and distributed in more than one layer. The number of layers depend on business requirements ...
Mary

Leveraging Carrier Ethernet For A Better Connection

Leveraging Carrier Ethernet Determining the Best Cloud Connectivity Solution With the Cloud only being as good as employees’ ability to effectively access it, the overall user experience depends highly on enterprise network connectivity. Today, the ...
Aruna Headshot

Predictions for Innovating, Transforming and Enabling Workplace Transformation

My Predictions for 2019 As we think of the top Collaboration trends for the coming year, we should start by taking a look back at 2018. In 2018, Team collaboration solutions became the norm. More ...
Will Crump

The Key to a Successful M&A = Data

Successful M&A = Data Data is often the single point of failure for many organizations. Divestitures, privatization, leveraged buyouts, and management buyouts are all on the rise, but data too often remains an afterthought, rather ...