3 Enterprise Security Tenets To Take Personally - InformationWeek

Commentary
10/24/2014
09:06 AM
David Fowler

3 Enterprise Security Tenets To Take Personally

Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.

I recently bought a new house, and following recommended security practices, I had the door locks replaced, the security code on the garage-door opener changed, and the house alarm system upgraded. The process reminded me of what a locksmith told me years ago: You can't keep a thief from breaking in, but you can make it hard enough that he'll go where it is less risky.

Fast-forward to the Internet/cloud era, and that sage advice still holds true -- maybe even more so. The most recent breaches hitting HealthCare.gov, Home Depot, and the unfortunate theft of private photos from iCloud make it clear that even the US government, giant corporations, and advanced tech companies like Apple struggle to cope with the speed at which cyber-thieves are evolving their techniques. It's not a question of if someone can get into your accounts, but whether your security plan is a deterrent -- or makes you a target.

There are three core principles in use by corporations that individuals can adopt in their own lives:

1. Defense in depth applies to everyone. The old model of dropping a moat (firewalls/passwords) around the castle (data center/your hard drive) and relying on perimeter detection is gone. It takes a combination of security products and practices woven into a web of protection. In your house, good locks on your doors and windows are a start, but if someone penetrates past them, you want a monitored alarm system as another layer of security.

For a typical online personal security scenario, basics are a password manager like LastPass or SplashID, so that you can use strong site-specific passwords without carrying around a wad of sticky notes. And no reuse, please. If you're on a public Wi-Fi network, add a personal VPN like WiTopia, CyberGhost, or Private Internet Access. For mobile, look into Apple Pay or Google Wallet. Both abstract your credit card data and add a layer of security. These aren't expensive or difficult to set up and may encourage an attacker to move on to the next house.


2. Security is a team sport. Enterprises have knowledgeable security personnel on staff who are responsible for monitoring their environments. If a smaller shop can't afford someone who understands what a DDoS attack looks like, it often partners with a managed security firm or a cloud provider that does. Security is too important and too big a job to go it alone.

Likewise, individuals need to understand their limitations and select partners wisely. Does it really make sense to allow 47 e-commerce sites to store your credit card data? It's not such a hassle to type 15 or 20 digits. Before you trust a site to hold personal or financial info, be sure you trust that it invests in security and respects your privacy. Likewise, before storing anything in the cloud that you wouldn't want everyone with an Internet connection to see, spend some time digging into the provider's privacy and security policies and track record. Pick your trusted partners wisely.

3. Eternal vigilance is the price of security. Monitor the $%#& out of your computers, mobile devices, accounts, and credit reports. Install security patches promptly, and if a system starts behaving strangely, figure out why. Don't plug in random USB devices.

Many of the most damaging losses are not a result of the breach itself but the fact that it went undetected for so long, allowing the attackers to penetrate deeper and steal more information. Recent headline-making threats such as the Bash Shellshock bug and Heartbleed are prime examples of this.

On a personal level, look closely at all statements. Thieves often make micro-charges for just a few bucks on stolen credit cards to validate that the account is active before selling it on the black market. Don't just assume that an unfamiliar charge was from that coffee shop you visited while out of town. Carefully check your credit report, too.

When enterprises do dumb things, they tend to get owned. Using my home example, the partnership is with my alarm company (and my nosy neighbors). It doesn't do me any good to have the alarm if I don't turn it on when I leave, or if I "hide" a key under the front mat and announce on Facebook I'm going on vacation. Be smart, and hope thieves find your house too well-protected and move on.


Dave Fowler is currently vice president of marketing for INetU. Fowler is a veteran of the software industry, with more than 35 years of industry and senior management experience in marketing, product management and development, business development, and sales. His most ...
Comments
asksqn,
User Rank: Ninja
10/27/2014 | 5:54:40 PM
CyberSecurity: It Does A Body Good
At least in my area, I've personally witnessed a burgeoning interest in cybersecurity when I held a workshop at the local library as part of National Cybersecurity Awareness Month (#NCSAM), now in its eleventh year. I had a really good-sized turnout from different ethnic groups, and the average age of the class was 55, so groups that have traditionally been preyed upon by phishers & crackers, et al. have definitely become more aware of securing/hardening their internet-enabled devices.
Mark_L,
User Rank: Apprentice
10/24/2014 | 4:29:48 PM
Re: Monitoring Cards
Completely agree, investing a few minutes a week provides a great payoff, as does using a VPN whenever you go online. After reading a couple of articles about how easy it is to intercept a WiFi connection, I can't stress that point enough! Cheers
dfowlerinu,
User Rank: Strategist
10/24/2014 | 2:18:17 PM
Re: Monitoring Cards
And don't forget checking your bank accounts if you are using debit cards.
BruceHarpham,
User Rank: Apprentice
10/24/2014 | 1:51:55 PM
Monitoring Cards
"On a personal level, look closely at all statements. Thieves often make micro-charges for just a few bucks on stolen credit cards to validate that the account is active before selling it on the black market"

This is excellent advice! Taking 5 minutes per week to check credit card transactions online is well worth the effort.