The Security Struggle

The security struggle refers to the collective problems you experience at your workplace around the complex world of information security.

You start work on your first day and you’re given a username and password to log in to the secured computer network at your location.

That’s the first item you’re required to remember.  You’re told not to share this information, but you’re never given any training on computer or network security at all.

It may come up in passing or in a sentence or two during orientation, but for most workplaces, that’s all.  So, you go about your business, checking emails and discover that you need to sign up for your benefits.  Hooray!

The benefits system has another username and another password to remember.  You attempt to keep the same password so you can remember it, but the security protocols the IT team has set up require an uppercase letter, a lowercase letter, two numbers, and a special character.  You try to think creatively and end up with a combination of your name and birthday.

After signing up for benefits, you are asked to submit your goals for your first year of work.  You receive a username for yet another system and set the same exact password as the second one.  Phew, that was easy.

The process goes on and on as you continue to set passwords that are all variations of the initial one you created to log in to your computer.  First week of work is over and you’re excited to relax.

Monday, you come into work and you mistype your password to the performance system 3 times and lock yourself out.  You email IT to reset you, but they don’t get back to you for hours.  Now, your goal setting meeting with your boss is delayed, and he’s not happy.

“Ok, I have to remember these passwords.”  You write all your passwords down with your usernames on a sticky note and attach it to your computer monitor.  Your workstation just went from secure to useless in less than a minute.

This happens all over the place.  Corporations face the challenge of maintaining security without overloading their staff.  Not enough security and the system can easily be accessed because of weak passwords and poor security measures.  Too much security and the employees can’t remember any of their information because they’ve used so many variations of the same thing.  This leads to the exact same problem – passwords that can be easily guessed and people writing passwords down and placing them on a desk, in a notebook, on the computer itself, or in other insecure locations.
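The gap described above, as an added example that is not part of the original post: the composition rule from the story accepts a name-plus-birthday password, while a check against the user's own details and earlier passwords flags it. The profile, the sample passwords and the function names are constructed for illustration.

```python
import re

# Constructed sample profile (hypothetical employee).
PROFILE = {"names": ["Dana", "Whitfield"], "birthday": (1988, 4, 12)}  # (year, month, day)

def meets_composition_rule(pw):
    """The rule from the story: 1 uppercase, 1 lowercase, 2 digits, 1 special character."""
    return (re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and len(re.findall(r"\d", pw)) >= 2
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def _skeleton(pw):
    """Lowercase and keep letters only, so 'Dana0412!' and 'dana#1204' compare equal."""
    return re.sub(r"[^a-z]", "", pw.lower())

def guessable_reasons(pw, profile, previous=()):
    """Return the reasons a password is easy to guess for this user (empty list = none found)."""
    reasons = []
    lowered = pw.lower()
    digits = re.sub(r"\D", "", pw)
    # Any of the user's names embedded in the password.
    if any(len(n) >= 3 and n.lower() in lowered for n in profile["names"]):
        reasons.append("contains name")
    # Common ways of writing the birthday as digits.
    y, m, d = profile["birthday"]
    parts = {f"{m:02d}{d:02d}", f"{d:02d}{m:02d}", str(y), f"{y % 100:02d}{m:02d}{d:02d}"}
    if any(p in digits for p in parts):
        reasons.append("contains birthday")
    # Same letters as an earlier password with only digits or symbols changed.
    skel = _skeleton(pw)
    if skel and any(skel == _skeleton(old) for old in previous):
        reasons.append("variation of earlier password")
    return reasons

if __name__ == "__main__":
    for pw, old in [("Dana0412!", []), ("Dana0412#", ["Dana0412!"]),
                    ("maple tractor quiet lantern", ["Dana0412!"])]:
        print(pw, meets_composition_rule(pw), guessable_reasons(pw, PROFILE, old))
```

The name-and-birthday password passes the composition rule yet collects every finding, and the long passphrase fails the rule while collecting none.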

There aren’t many ways to avoid this conundrum, but here are a few things that can be done:

  • Train employees on the importance of security and what can happen if they do not help the corporation maintain it (think of the Target hacks and the millions of dollars lost)
  • Use a long single sign-on password
  • Use a biometric scanner – thumbprint scanner USB hookups are the coolest new tech out there, and they work well
  • Use an ID for access – the only problem is keeping the ID safe.


7 Ways to Protect Your Data

Very simply, protecting stored data means stopping unauthorized people from getting to it.  The purpose for their access doesn’t matter – whether it’s accidental or intentional, for corruption or infection.  Safeguarding data entails knowing the possible threats, implementing layers of defense against them, and continuously monitoring everything to ensure there has been no breach.

Use multiple layers of defense

Use a multi-tier data protection model that protects the data on different levels.  One line of defense is not enough to protect from all of the potential internal and external threats in existence.

Use both virtual and physical security measures

Verify user credentials before allowing access to anything – this is referred to as authentication

Secure data so that only the correct people can see it – this is encryption and security roles.

The roles a person is assigned are based on their job.  If it’s not part of their job, they shouldn’t have access to it.

Use firewalls and antivirus software

Firewalls monitor inbound and outbound connections to a network.  It’s important to choose one that is not only well-equipped and up-to-date, but one that also allows programmable exceptions for standard processes you have in place.

Anti-virus software is another key element of proper security, as it’s meant to prevent viruses from accessing your data.  Even something as simple as a keylogger (which anti-virus programs would pick up) can steal everything you type, including usernames and passwords.  Bite the bullet and buy the software you need to stay safe and protect your data.

Don’t Neglect Physical Security

Keep data under lock and key, literally.  Make sure you know where your physical data is stored and who has access to it.  Know who should have access and who should not, and keep a log of who accesses what and when they do it. When something happens, you can go back to your log.

Change passwords frequently

Although it can be a pain in the butt, make sure that passwords are changed on a frequent basis to minimize the chances of a data breach.  Daily is too much, but monthly might be better.  Or, if you don’t want to keep changing passwords, install a biometric system to log you in.  Biometric systems have become quite popular in science-based and technology organizations.  Your fingerprint is always with you and no one else can borrow it.

Stop using removable devices

Stop using removable devices on the computers.  The security/IT department can even install controls that stop the computers on a network from reading removable devices, which would be the ideal scenario.  This prevents people from saving data to a personal device and also prevents downloading harmful programs or data onto the secure network.

Security is important…but not that important

Security is extremely important to your organization, but make sure you don’t go overboard.  This comes down to judgment, but security should not interfere with the productivity of the organization or you may cease to exist for a different reason.  Make it very clear who can access what data and you’re less likely to have issues.