18 verdict Volume 1 2015 (continued on page 19)

They generally have full access to the system. IT staff know how to cover their tracks. The expedient of getting a user back to work can mean shortcuts on security that are never corrected. Ideally, a firm will have more than one person, on staff or outside the firm, who is generally familiar with the system and what is being done on it, so that red flags are spotted. Highly targeted attacks do occur, although most include some inside help. This you can do something about.

Firm System Information

Have you ever seen an e-mail from a friend or colleague that was clearly spam sent using their e-mail and name? All day, every day, virus programs troll the web for weak points in e-mail systems and servers. The worst attacks can shut down an e-mail system or cause a firm to lose the ability to e-mail one or more clients. This can have an immediate and detrimental effect on the firm's reputation. These types of attacks can easily be prevented with normal and inexpensive measures.

Mobile Traveling Devices

Have you ever left your phone at a hotel or restaurant? The most commonly lost and stolen items of concern are laptops, tablets and phones. These devices often have firm data or quick links that dive into firm information. More often these are lost items rather than stolen items. Prompt notification protocols and response by the firm are crucial. Stolen items are rarely taken for the purpose of data mining. However, protections must still be put into place.

Break-ins

Have you ever lost something within your own office and been unable to locate it? Computer device theft is rampant. Computer goods are an attractive target for thieves because of their value and portability. A thief may have no interest in the data on the device, but the firm will still have to react as though the data is being disclosed and exploited, just to be safe. Most of these attacks are specifically for hardware, and most are confined to new hardware in boxes. Servers and data storage devices are rarely stolen, but it is not unheard of, because they are generally in use and more often in locked areas that are more difficult to enter.

Protection for the firm: what do we do?

With the above threats and the as yet undiscovered modes of attack, how can a firm reasonably deal with security while maintaining functionality? Driving a Sherman Tank might make you safe from most common auto accidents, but can you drive it in the car pool lane and park it at the store? The answer does not lie in locking everything down so hard that users cannot work. Rather, the answer lies in good quality security practices combined with high value security solutions.

Perimeter Protection

Step one in a quality security solution is to protect your perimeter. Smart firms are already doing a fair bit of perimeter protection.

Pre-filtering of e-mail. The primary vector for malicious attacks is e-mail, particularly e-mail that invites the recipient to send confidences or unwittingly click on a link that downloads destructive software (malware). More clever ways of invading your system are invented every day. Having your e-mail filtered before it reaches the firm's perimeter is essential to protect users from unwisely opening and responding to messages that are not legitimate. This also has the valuable effect of removing common SPAM that

Cyber Security (continued from page 17)