hp

Security: The Goodwill Virus That Keeps On Giving

The Goodwill Virus

When Caitlyn Jenner officially introduced herself to the world by way of a Vanity Fair cover story in June 2015, the event was unique not only for the groundbreaking content but in the way it was produced. It delivered a very powerful lesson about computer security for corporate decision-makers in all industries. Given that the story was so exclusive, it was written and produced on a single laptop computer that was kept off-line, and separated from networks and the Internet. The finished product was hand delivered, essentially turning the computer back to the type of standalone PC that has become virtually unheard of in the Wi-Fi era.

unplugged-connected

The extremes to which the Vanity Fair team had to go to ensure secrecy are not, of course, practical in day-to-day business, but they illustrate the gaping holes that exist in network security generally, despite the efforts of a global army of highly trained and knowledgeable security specialists. Whether it is access to an exclusive story or a company's client list or confidential data, the enemy is not only at the door; it is also relentlessly seeking to break it down, dissolve it, remove it or skirt it. The enemy is always trying to get in.

One of the most significant threats to an organization’s data security comes in the form of human goodwill. Put another way, it is a natural tendency for most people to act in an honest, trusting manner, focused on just getting their work done. This human weakness essentially lurks inside the networks and databases of organizations, passive and innocent, waiting to be preyed upon.

BYOD Security Concerns

BYOD is a perfect example of this. Employees the world over rejoice at the concept of being able to use their own devices to keep up with the tasks, documents and emails of daily life. To access company files from a centralized folder system, or to check calendars and email from a mobile phone, or from a free public Wi-Fi space at a coffee shop or airport, seems to make life a little easier.

Yet these are precisely the types of activities that make IT security specialists cringe. Personal mobile phones seldom have the up-to-date security features required to prevent a hacker from making the leap from that device into the arteries of a company’s central network. A personal smartphone can spend half its time as a business tool, with the other half as a device of leisure. As a result, individual apps and games rub shoulders with sensitive corporate information, and such contact is a fertile breeding ground for infection.

Recharging Stations

recharging-stations

(Image Source: Shutterstock)

Shopping malls, airports and hotels offer charging stations for smartphones. Busy people gravitate to them with relief once they see their battery power start to drain. These same people would never think of taking a drink from someone else’s bottled water. They would never double-dip their tortilla chip at the office party. Yet they do not think twice about plugging their phone into a free, public charging station or hotel docking station. These charging jacks can potentially deliver far more than an electrical charge, though. Like many other points of connection in the world, the task we expect it to do is the only one we think about. In most cases, though, there is far more that it can and will deliver.

Passwords

Innumerable case studies exist of inadequate password maintenance, including passwords not modified after a security sweep and upgrade. People do not see past the immediate task to realize that actions, messages and keystrokes last forever. A bad guy can easily connect a mislaid password to an email, and then to a Facebook posting, building a profile with which they can impersonate someone, or send a distracting or troubling message that opens the door.

Most people are, by nature, trusting and good. This is an exploitable weakness. As a society we have trained our children to be aware of strangers, to be aware of allergy-inducing foods, and to be sensitive to harmful language and behavior in the classroom. Yet the busy-ness of the workplace has suppressed this vigilance among adults in general. Consequently, we use technological conveniences such as USB drives, insecure phones, and file-sharing technologies to counter the never-ending pressure of time and deadlines.

Corporations must look extremely closely at implementing a separation of personal and corporate devices and information. It may be important, even essential, to respect a BYOD policy as an employee's right, but the price for such convenience comes in the form of doubled, or even tripled, vigilance and hygiene, paired with regular updates and physical training.

A great deal of the bad stuff that happens to our network systems and our companies is human-made, as opposed to a malignant technical failure. As such, it is up to humans to bolster their immunity not only physically, but intellectually. This demands a higher standard of mistrust and precaution, from the simplest text message, upwards to every activity that follows.

For more on this topic, go to businessvalueexchange.com, sponsored by Hewlett Packard Enterprise.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
R.I.C.E: Reducing Cost, Improving Compliance, Controlling Data, Enhancing Experience

R.I.C.E: Reducing Cost, Improving Compliance, Controlling Data, Enhancing Experience

R.I.C.E Therapy for Next Generation Customer Experience As industries worldwide adapt to the digital transformation that is modernizing many business ...
Through the Looking Glass: 2017 Tech and Security Industry Predictions

Through the Looking Glass: 2017 Tech and Security Industry Predictions

2017 Tech and Security Industry Predictions As we close out 2016, which didn’t start off very well for tech IPOs, ...
Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Private Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle ...
The Coming of Cloud Ended the AI Winter

The Coming of Cloud Ended the AI Winter

The Coming of Cloud Use Alexa, Siri, or Google Home? They are AI’s – Artifical Intelligences. Today, AI is in ...
GDPR – A Change in the Making

GDPR – A Change in the Making

Organizations all over the EU must be aware by now that the Data Protection Act (DPA) will be changed into ...
Bill Schmarzo’s Top 2017 Big Data, Data Science and IOT Blogs

Bill Schmarzo’s Top 2017 Big Data, Data Science and IOT Blogs

Big Data, Data Science and IOT Blogs To put us on the path for a successful and engaging 2018, here ...
If Not Managed Correctly, The Cloud Can Cost An Organization

If Not Managed Correctly, The Cloud Can Cost An Organization

Cloud Application Management When organizations implement cloud applications, they do so as a means to be more efficient and in ...
5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

Accountant Cloud Tools Digital tools and software have become an inseparable part of any accountant's profession. There are software for ...
Ensuring Cloud Authorizations Are Correct

Ensuring Cloud Authorizations Are Correct

Cloud Authorization Almost all organizations in every industry now use some type cloud application. This is because of cost, efficiency, ...
Four Trends Driving Demand For Data Security In 2017

Four Trends Driving Demand For Data Security In 2017

Data Security Trends 2017 will be a hallmark year for security in the enterprise as all industries have reached a ...