Security: The Goodwill Virus That Keeps On Giving

The Goodwill Virus

When Caitlyn Jenner officially introduced herself to the world by way of a Vanity Fair cover story in June 2015, the event was unique not only for the groundbreaking content but in the way it was produced. It delivered a very powerful lesson about computer security for corporate decision-makers in all industries. Given that the story was so exclusive, it was written and produced on a single laptop computer that was kept off-line, and separated from networks and the Internet. The finished product was hand delivered, essentially turning the computer back to the type of standalone PC that has become virtually unheard of in the Wi-Fi era.

The extremes to which the Vanity Fair team had to go to ensure secrecy are not, of course, practical in day-to-day business, but they illustrate the gaping holes that exist in network security generally, despite the efforts of a global army of highly trained and knowledgeable security specialists. Whether it is access to an exclusive story or a company’s client list or confidential data, the enemy is not only at the door; it is also relentlessly seeking to break it down, dissolve it, remove it or skirt it. The enemy is always trying to get in.

One of the most significant threats to an organization’s data security comes in the form of human goodwill. Put another way, it is a natural tendency for most people to act in an honest, trusting manner, focused on just getting their work done. This human weakness essentially lurks inside the networks and databases of organizations, passive and innocent, waiting to be preyed upon.

BYOD Security Concerns

BYOD is a perfect example of this. Employees the world over rejoice at the concept of being able to use their own devices to keep up with the tasks, documents and emails of daily life. To access company files from a centralized folder system, or to check calendars and email from a mobile phone, or from a free public Wi-Fi space at a coffee shop or airport, seems to make life a little easier.

Yet these are precisely the types of activities that make IT security specialists cringe. Personal mobile phones seldom have the up-to-date security features required to prevent a hacker from making the leap from that device into the arteries of a company’s central network. A personal smartphone can spend half its time as a business tool, with the other half as a device of leisure. As a result, individual apps and games rub shoulders with sensitive corporate information, and such contact is a fertile breeding ground for infection.

Recharging Stations

Shopping malls, airports and hotels offer charging stations for smartphones. Busy people gravitate to them with relief once they see their battery power start to drain. These same people would never think of taking a drink from someone else’s bottled water. They would never double-dip their tortilla chip at the office party. Yet they do not think twice about plugging their phone into a free, public charging station or hotel docking station. These charging jacks can potentially deliver far more than an electrical charge, though. Like many other points of connection in the world, the task we expect it to do is the only one we think about. In most cases, though, there is far more that it can and will deliver.

Passwords

Innumerable case studies exist of inadequate password maintenance, including passwords not modified after a security sweep and upgrade. People do not see past the immediate task to realize that actions, messages and keystrokes last forever. A bad guy can easily connect a mislaid password to an email, and then to a Facebook posting, building a profile with which they can impersonate someone, or send a distracting or troubling message that opens the door.

Most people are, by nature, trusting and good. This is an exploitable weakness. As a society we have trained our children to be aware of strangers, to be aware of allergy-inducing foods, and to be sensitive to harmful language and behavior in the classroom. Yet the busy-ness of the Workplace has suppressed this vigilance among adults in general. Consequently, we use technological conveniences such as USB drives, insecure phones, and file-sharing technologies to counter the never-ending pressure of time and deadlines.

Corporations must look extremely closely at implementing a separation of personal and corporate devices and information. It may be important, even essential, to respect a BYOD policy as an employee’s right, but the price for such convenience comes in the form of doubled, or even tripled, vigilance and hygiene, paired with regular updates and physical training.

A great deal of the bad stuff that happens to our network systems and our companies is human-made, as opposed to a malignant technical failure. As such, it is up to humans to bolster their immunity not only physically, but intellectually. This demands a higher standard of mistrust and precaution, from the simplest text message, upwards to every activity that follows.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Sangeeta Chhabra

What Accountants Should Know About The Cloud

Cloud Accounting Cloud technology has been at the top of the charts of new-age technologies for a long time now. Almost every industry in the world has started realizing its capabilities and integrating cloud strategies ...
Tunio Zafer

Questions To Ask Every Cloud Storage Provider

Cloud Storage Provider Questions As with many new technologies, attitudes toward cloud storage vary. Telephones were immobile; wearables perhaps unwarranted. And now, the global cloud storage market was estimated at $21.1 7 billion in 2015, ...
Martin Mendelsohn

How Will COVID-19 Impact Security Talent?

New Security Talent As we emerge from the era of COVID-19, unemployment will recede, and new jobs will be created more rapidly than jobs were lost between March and May of this year. We’re already ...
Data Web Accessibility

Protecting Yourself from the Rise in Ransomware this Holiday Season

Rise in Ransomware The Baltimore Public Schools system was already dealing with pandemic learning conditions when it was hit by a ransomware attack the day before Thanksgiving. School officials were calling it a "catastrophic attack ...
Bittitan

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for many companies, but with millions of employees working from home, there’s an even greater need to migrate. Mark Kirstein, VP ...
Suraj Gupta

The Rise of the “Ecosystem of Ecosystems”

Ecosystems Emergence Even during these uncertain times, once fierce competitors are now collaborating and co-existing to not only survive, but thrive. Salesforce is partnering with Microsoft and AWS for better customer success. Apple is partnering ...