Guest Articles

Cyber Security: A Fresh Approach

June 25th, 2013 by ProcessFlows

The topic of cyber security is growing exponentially each year as we commit more of our lives to the interconnected world of cyber space. As a result, the threats and exploits pitched against us have grown to match. Our initial response to these threats was to “lock” the user down, limiting their ability to carry out many very basic operations whilst using their PC or workstation on the network. We are now beginning to understand that, for our responses to be effective against the threats posed, we have to deploy systems and approaches that neither force users to change the way they work nor impose steps too onerous in steering them from insecure to secure.

The User Factor

Humans by nature are reluctant to change, and they don’t necessarily respond well to being asked to perform additional tasks to aid security, especially if those tasks are seen to impede the speed with which they can complete what they regard as a mundane, security-irrelevant job. In fact, if confronted by such systems they become “poacher not gamekeeper”, subverting the very systems put in place to protect them and their employers. User non-compliance with security systems already in place has become a common denominator in security breaches.

To counter the threats posed in today’s cyber space, it has become the accepted wisdom that both software engineers and cyber security proponents need to factor in the human response to the systems deployed. The psychology of the user is as important a consideration as, for instance, which encryption algorithm is to be used.

Identifying the Threats

The threats posed to our networks are various:

  • Threats are both inbound and outbound.
  • Inbound threats encompass those that wish to disrupt the service, steal the data, and corrupt or delete files.
  • Outbound threats are those which seek to steal our information and/or subvert our communications.

Outbound threats are arguably the hardest to defend against, since these will be perpetrated, either deliberately or by accident, by insiders: people we trust to have access to our systems. The most secure of networks is rendered insecure if the users write their passwords on “Post-it Notes” and stick them on their monitors. The user is the weakest link! Grant Morrison, when writing “The Invisibles”, put it this way:

“Chaos sneaks in every time. They can cover the world with surveillance cameras, but they can’t stop the guys in the monitor rooms from jerking off or playing the fifteenth sequel to “Doom” for the hundredth time.”

Countering the Threat

Often what it all boils down to is deploying some sound common sense along with your security products and procedures. There are some basics to consider and take action on:

  • Only allow access to data and resources that are required by the individual to carry out their legitimate daily tasks.
  • Identify whether the user is required to be able to copy data off the network.
  • Should the user have access to plug ‘n play devices, such as thumb drives?
  • If the user has access to plug ‘n play devices, should the flow of files be one way, either in or out?
  • Once data is stored on a removable device, control where that device can be used, within or outside of the network.
  • Establish an audit trail for data leaving the network.

Technologies are emerging that provide this level of security, but nothing will stop the legitimate user sitting next to the unauthorised user and allowing them to read or photograph the on-screen output. Or am I becoming paranoid at this stage?

Conclusion

We have a duty of care to protect the data we store; in some cases this need to protect that data is prescribed by law. The informed response in 2013 is not to look at cyber security, or for that matter any security, in isolation: a holistic approach is what is required. A good marriage between systems and common sense is essential. There are many third-party companies operating in the information security consultancy business; be sure you select one with independently trained and certified consultants.

This is a guest article, submitted by Paul Simms at Reflect Digital

We can source any software for you! Please email us for more information or call us at +44 (0)1962 659168. Quotations submitted within an hour!

A Better Approach to Business Email Encryption

May 16th, 2013 by ProcessFlows

When it comes to business e-mail security, it’s better to be safe than sorry. Over the years there have been countless stories about security breaches worldwide, with sensitive data having leaked from the computers of businesses large and small with dire consequences. Unfortunately, regardless of these stories, people still lack vigilance and caution towards the information that they send online. E-mail security is of the utmost importance to not only individuals but businesses too, and if businesses fail to implement the toughest standards when it comes to the messages that are sent and received in their name, the results can be extremely damaging.

Adhere to the Right Practices

Investing in reputable e-mail encryption software can make your network a much safer place. Most businesses today rely on the ability to communicate through e-mail, yet threats are being posed all the time, with malware slowing operations to a halt and hackers finding it all too easy to get their hands on information that they can use to their own advantage. If data security standards are breached, sensitive data such as bank details and business strategies can fall into the wrong hands. Many businesses have faced legal action after personal information has been accidentally divulged in this way.

The Benefits of Auditing

Since the advent of e-mail, new threats have constantly come to the fore. From Trojans to viruses, spam to hacking, there are always dangers that businesses need to defend themselves against. It can be advantageous for some businesses to perform a full IT security audit from time to time to eliminate any vulnerability in IT frameworks, and one of the first areas that an IT specialist might tackle is a business’ e-mail infrastructure. Both incoming and outgoing e-mail can lead to headaches, but filtering systems are of great use and stop unwanted, dangerous e-mails from even having a chance to enter into a network.

Remain Vigilant

Of course, there’s always a chance that malicious e-mails might slip through the net, so it’s also important to ensure that your staff are constantly being kept updated with any new risks that might be faced. By keeping them informed and vigilant you can greatly reduce the chance of any problems being thrown up by the way that you deal with your e-mails. When education is used in tandem with high-end, trusted and respected software, you can feel confident about focussing on your core business aims, knowing that your network is being protected in the background.

If you are looking for a simple email encryption product, Egress Software Technologies comes highly recommended. Egress large file transfer software could also be of interest if you need to send large files securely.

 

This is a guest article, submitted by Paul Simms at Reflect Digital.