Security: a word that makes people feel happy and frustrated at the same time. For example, bank security can be reassuring to an individual as opposed to airport security, which can be stressful. Information security, however, generally does not generate happy feelings in end-users due to its restrictions. Unfortunately, in today’s world, we don’t use the honor system. With so many attack vectors, it’s easy to overlook some of the smaller information security factors that can easily be remediated.
- The human element – This includes you as well. We, as humans, are smart, but we also enjoy ease and comfort. One of the possible reasons we are at the top of the food chain is that we are unpredictable. That extends to the workplace as well. Something as simple as a web browser preference can create an unexpected security hole. Every web browser has security flaws. That one user who prefers Chrome to Internet Explorer, for example, can open your company to security holes of which you are unaware. There is also the user who requires more network ports. The bad part is that if the user brings in a router, they can take down either the subnet or the whole network. Setting policies and locking down the environment can help mitigate this. Ensure users know the policy, make sure permissions are set accordingly, and if the previous two need to be overridden, get approval from someone who can make that decision.
- Perimeter security – This is possibly one of the most overlooked aspects of security and does not always fall under the Information Security team’s purview. The greatest firewall, IDS/IPS, and honeypot in the world won’t stop a person who can easily walk in through the front door. There have been occurrences where strangers have walked into an office from the street and chatted with employees at their cubicles. Requiring security badges to enter the front door and access controls on certain doors will make it harder for someone to breach the premises. Another idea to consider is landscaping. If your offices are on the ground floor, place hedges to cover the windows in order to prevent potential attackers from looking inside the office. The less information your attacker has to use against you, the better.
- Ethernet ports in public areas – These seem innocent enough that the average person probably would not notice them. However, Ethernet ports are an attack vector into your network, depending on how the port is configured. In an environment where everything is accessible from every port, you are essentially opening yourself up to a potential vector for someone to take company data or take down your network. Best practice would be to simply shut down or disable the port. Take it a step further by covering it up with a blank plate.
By: Matthew Bailey