No business is unable to hackers, Sony and eBay can attest, but the knowledge base that can help
Sony security breach and too many attacks from the public in 201 4 shows cyber security bug in government and corporate accountability. If the company is to protect its customers, employees, intellectual property and equipment and business partners better, they need to protect personal and corporate data.
The fact that many violations occur so often is a testament to the failure of fulfilling their corporate executives are not responsible for. Small business owners and executives to review security policies, procedures, and their technology and taking all reasonable steps to mitigate its effects.
201 4 is another security policy failed and procedures that have made headlines throughout the year. Sorry to say that major violations took place in large corporations that most people expect to have a strong defense mechanism in place.
Unfortunately, analysis of disadvantages which opened this abuse showed that most of them can be prevented. Some repairs require more investment in technology, but most of them do not.
Below is a list that executives can use to evaluate their current status, perform a gap analysis and then develop a plan for taking corrective action.
list
User processes and policies that should be analyzed are as follows:
Safety awareness - all employees are aware of their responsibility and security to treat them as part of their work. It is important for executives responsible remind staff at a minimum, at least annually.
Policy desk clean - This policy was implemented since many people can not remember all of your passwords, so they tend to give them on the wall of the office, leave them in the open on their table or put them in drawers top unlocked.
Password - is waiting for another age. Executive Director should re-evaluate the length of the use of special characters, numbers, and passwords, period, 2-factor authentication and other elements to ensure the security of strong authentication. It may require some additional tools to force compliance but if it's a violation, it pays for itself. Reset the password for the policy needed to be set up which prevented aid workers from giving away access to that pushy pretending to employees so that they can get in through the back door.
BYOD and the use of non-business impact - non-business and non-commercial use of consumer devices increase the risk. Employees and others with access to corporate network applications and data need to be given guidelines about the use of the device and warned of the risk that is associated with accessing certain applications and websites. Device management (MDM) mobile devices that can be used to assist in this effort and the blacklist site that can stop certain sites from being accessed.
HR components - new hires, consultants, end and change jobs - potential new hires and consultants need to check before being hired. As goes without saying, it seems that many companies are not doing enough, as demonstrated by the number of fraud came to light. Consultants and staff that do not need to be reviewed at least every six months so they do not stay active accounts than necessary.
When a person has complete access rights, which was cut off immediately - before a person can get back into the system and destroy the stolen data or tamper with. Access rights should be tied to a particular job and change when a person has a job, his access rights need to be adjusted to allow only those programs and data relating to the new location.
Monitoring and reporting - the best way to ensure compliance is to measure and monitor all aspects of the security situation and report monthly to corporate management.
Technology also plays an important role in preventing abuse.