Security: The Goodwill Virus That Keeps On Giving

The Goodwill Virus

When Caitlyn Jenner officially introduced herself to the world by way of a Vanity Fair cover story in June 2015, the event was unique not only for the groundbreaking content but in the way it was produced. It delivered a very powerful lesson about computer security for corporate decision-makers in all industries. Given that the story was so exclusive, it was written and produced on a single laptop computer that was kept off-line, and separated from networks and the Internet. The finished product was hand delivered, essentially turning the computer back to the type of standalone PC that has become virtually unheard of in the Wi-Fi era.

The extremes to which the Vanity Fair team had to go to ensure secrecy are not, of course, practical in day-to-day business, but they illustrate the gaping holes that exist in network security generally, despite the efforts of a global army of highly trained and knowledgeable security specialists. Whether it is access to an exclusive story or a company’s client list or confidential data, the enemy is not only at the door; it is also relentlessly seeking to break it down, dissolve it, remove it or skirt it. The enemy is always trying to get in.

One of the most significant threats to an organization’s data security comes in the form of human goodwill. Put another way, it is a natural tendency for most people to act in an honest, trusting manner, focused on just getting their work done. This human weakness essentially lurks inside the networks and databases of organizations, passive and innocent, waiting to be preyed upon.

BYOD Security Concerns

BYOD is a perfect example of this. Employees the world over rejoice at the concept of being able to use their own devices to keep up with the tasks, documents and emails of daily life. To access company files from a centralized folder system, or to check calendars and email from a mobile phone, or from a free public Wi-Fi space at a coffee shop or airport, seems to make life a little easier.

Yet these are precisely the types of activities that make IT security specialists cringe. Personal mobile phones seldom have the up-to-date security features required to prevent a hacker from making the leap from that device into the arteries of a company’s central network. A personal smartphone can spend half its time as a business tool, with the other half as a device of leisure. As a result, individual apps and games rub shoulders with sensitive corporate information, and such contact is a fertile breeding ground for infection.

Recharging Stations

Shopping malls, airports and hotels offer charging stations for smartphones. Busy people gravitate to them with relief once they see their battery power start to drain. These same people would never think of taking a drink from someone else’s bottled water. They would never double-dip their tortilla chip at the office party. Yet they do not think twice about plugging their phone into a free, public charging station or hotel docking station. These charging jacks can potentially deliver far more than an electrical charge, though. Like many other points of connection in the world, the task we expect it to do is the only one we think about. In most cases, though, there is far more that it can and will deliver.

Passwords

Innumerable case studies exist of inadequate password maintenance, including passwords not modified after a security sweep and upgrade. People do not see past the immediate task to realize that actions, messages and keystrokes last forever. A bad guy can easily connect a mislaid password to an email, and then to a Facebook posting, building a profile with which they can impersonate someone, or send a distracting or troubling message that opens the door.

Most people are, by nature, trusting and good. This is an exploitable weakness. As a society we have trained our children to be aware of strangers, to be aware of allergy-inducing foods, and to be sensitive to harmful language and behavior in the classroom. Yet the busy-ness of the Workplace has suppressed this vigilance among adults in general. Consequently, we use technological conveniences such as USB drives, insecure phones, and file-sharing technologies to counter the never-ending pressure of time and deadlines.

Corporations must look extremely closely at implementing a separation of personal and corporate devices and information. It may be important, even essential, to respect a BYOD policy as an employee’s right, but the price for such convenience comes in the form of doubled, or even tripled, vigilance and hygiene, paired with regular updates and physical training.

A great deal of the bad stuff that happens to our network systems and our companies is human-made, as opposed to a malignant technical failure. As such, it is up to humans to bolster their immunity not only physically, but intellectually. This demands a higher standard of mistrust and precaution, from the simplest text message, upwards to every activity that follows.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
Juan Pablo Perez Etchegoyen

Key Considerations for Keeping Mission-Critical Cloud Applications Secure and Compliant

Keeping Cloud Applications Secure and Compliant According to reports, nearly 70% of enterprises were moving mission-critical business functions and processes to the cloud before the pandemic. In today’s new normal, that number has skyrocketed. Organizations ...
Ronald van Loon

Accelerating AI, Cloud, 5G, and IoT Innovation

Artificial Intelligence (AI), Cloud, 5G, and IoT are continuously advancing innovation that extends across business development all the way down to the consumer level. Critical innovations are emerging from the escalation of new technologies, including ...
Automate Order Fallout Resolution Using Self-healing Framework

Automate Order Fallout Resolution Using Self-healing Framework

Automate Order Fallout Resolution Using Self-healing Framework to Accelerate Resolution Time by 98% Most Digital Service Providers (DSPs) face a common challenge of meeting due dates for their customer orders. The instability and delay in ...
Daniela Streng

Preventing IT Outages and Downtime

Preventing IT Outages As businesses continue to embrace digital transformation, availability has become a company’s most valuable commodity. Availability refers to the state of when an organization’s IT infrastructure, which is critical to operating a ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.