Information Security isn’t just a Technology issue but, a Business one..

As the lines between work and play blurs due to the advances of technology, it becomes more apparent that ‘Information Security’ within the workplace is not just the IT department’s issue.

Information or data is a business enabler, it enables operations and productivity so, the security of it should be viewed as essential and promoted throughout the company – but, in most cases it is not.

Is this because we instinctively protect what we can see in front of us like buildings, personnel, hardware, the tangible assets but, we neglect the intangibles such as information because we struggle to see the physical value of it? Or is it the general attitude towards data security, the idea that we just need to do enough to meet regulations and compliance standards?

IT Security should be seen as a task to minimise risk for an organisation

This risk management is not just limited to the IT department or within the office because let’s face it, many of us do work a little when we get home even if its just checking our emails.

‘As many as 49% of individuals would use their personal device for work, found in a recent Norton Report’.

Employees use of unauthorised personal mobile devices can be a threat because it is an unknown object on the IT network. For example, if a user was to save business data onto an unauthorised device and then it was infected by malware, the data could end up in the wrong hands!

However, it is not about the IT department forbidding personal devices – if devices are approved then it is safe to have on the network. It’s all about having policies in place and training employees on how to access business data securely. The training should not be limited to the use of mobile devices but, general IT security practices i.e. always encrypt email containing sensitive data or never write login credentials on a piece of paper.

It is also important to ensure staff are aware of ‘Social Engineering’ because no matter how protected an IT Network is, there is always the possibility of external threats getting in, like CryptoWall which tricks users into opening infected attachments, exploit security gaps in Sliverlight, Flash and Java then, similar to CryptoLocker it will encrypt your files and demand a ransom.

Regular IT network assessments are recommended – not only will it help protect and minimise potential security risks, it can also be an opportunity to assess the efficiency levels of the network.

There will always be a possibility of a breach in security for every company, it could be due to a cyber attack, human error, social engineering etc but,if risk management is a common goal amongst every employee not just the IT department, it can help manage and minimise security risks in the long run.

To find out more about data protection or IT network security you can contact our consultants on 0845 603 5552 or drop us an email on info@netshield.co.uk

We are now on Facebook!

The team at Netshield have some exciting news to announce… we are now on Facebook! It will be filled with latest technology news, advice and much much more..

Although there is not much on our Facebook page at the moment but, watch this space as there will be some interesting news posted on there in the coming months 🙂

IT Services Netshield Facebook page

Check out the new Netshield Facebook page today!

The Aftermath of the eBay Cyber-Attack and the Lessons to be Learnt…

In May it was announced on news sites such as the BBC and SkyNews that the popular e-commerce site eBay was breach late February and early March. The breached database contained phone numbers, addresses, date of birth, other personal data and encrypted passwords. The company never disclosed how many of the 148 million active accounts were affected but, has asked all active users to change their passwords. The hackers infiltrated the network by obtaining, a small number of employees’ login credentials. Luckily the hacker did not access eBay subsidiary, Paypal’s financial database because it was stored on a separate network.

The Aftermath

Since the news many customers have complained and criticised the way the situation was handled, Attorney Generals in at least 3 states in the US has begun investigating the cyber-attack incident. Users was also outraged that eBay waited 2 weeks before publishing the breach after they found out, their explanation was:-

“For a very long period of time we did not believe that there was any eBay customer data compromised,” commented the Global Marketplaces Chief Devin Wenig shortly after the news was announced.

After promising they will make password resets mandatory on the website, it was days before this was carried out and for users that wanted to change their passwords after the initial announcement, they were unable to because the site struggled with the abnormal number of reset requests. Both of these factors added to the negative feelings amongst eBay users.

In a bid to assure customers they released a statement saying they have seen no indication of increased fraudulent account activities on the site but, it would seem eBay has missed the point as the main concern is… what the cybercriminals can potentially do with the non-encrypted information they stole like the numbers, addresses, date of birth, etc. – so the question is, why wasn’t this personal data encrypted like the passwords?

Considering eBay is responsible for a vast amount of personal data, you would assume they have a better incident response and management, breach detection, network admin login protection, and communication practices.

The most important lessons to take from this data incident is that good IT security practices for networks is essential for all businesses, regular network security assessments are required, educate staff on security and have good crisis management.

Breaches can happen to any company and poor incident response and management can just be like rubbing more salt to the wound, with the potential to create more long-term brand reputation damage.

For more information on IT network security practices and services please feel free to contact us on 0845 603 5552