September 16, 2015
How To Promote Security In The Workforce
Online security and the constant threat of cyber attacks are rarely out of the headlines these days – indeed, we manage to make up half our blog on the topic! But it’s for good reason. Security is a topmost concern for business, and without it, you are leaving yourself very vulnerable to all manner of attacks.
Since the business world has gone online, the threats are no longer physical like they used to be. We no longer lock all of our files and business information away in secured physical vaults, for technology has enabled a much more efficient way of cataloguing our important data. But, with this convenience comes risk.
A battering ram may not be needed to break into secure vaults, nor a cat burglar’s deftness, dexterity and skill with a lock-pick. However, there are digital equivalents to both of these things and much more besides in the dark world of cybercrime, and this really cannot be emphasized enough amongst your employees in the workplace.
Taking Cyber Security Seriously
There’s much to be said about the fact that the average person doesn’t really appreciate the full extent of cyber threats. As with most things, until it happens to us, we tend to disregard even very blatant risks in what we do – and cyber security is no exception.
Many people will no doubt live their whole lives completely unscathed by the various attacks and scams that plague the internet. They may never have their passwords stolen, their computers hacked, or their online accounts infiltrated. These are very lucky people indeed, because at any time an attack could have been launched and they would have found themselves defenselessly vulnerable, and havoc would have ensued.
Now, it’s not your job to try and ensure that every single one of your employees takes their home and personal cyber safety seriously – but it is absolutely your job and your duty to see that these people do so whilst they’re in the workplace.
This is no mean feat, for attitudes to cyber security can be worryingly lackadaisical in the average worker. But it all comes down to education. And so, in order to promote security in the workplace, you must first educate the workforce about it. And below you will find our top tips and suggestions for doing so.
How To Promote Security In The Workforce
- Enforce A Written Set Of Security Guidelines
Simply telling your employees to always remain safe and vigilant when they’re online at work isn’t enough. You need to monitor your employees’ behavior and actions online. Write up a clear and concise set of cyber security guidelines that you will expect your whole staff to adhere to. Host a meeting where all of the points and issues raised can be discussed to ensure that everyone understands the gravity of what they are being tasked with. Furthermore, you will have to enforce these guidelines by issuing disciplinary measures to those who do not conform to them. Sometimes this is the only way to make your employees understand that security is not optional, but mandatory.
- Provide Security Training
Statistics from UAB Collat School Of Business reveal that only 37% of working professionals have received mobile device security training, whilst only 42% have received information sharing training. This means that well over half of working professionals today are simply unequipped with the information that they need to ensure that their respective businesses are protected from online threats. If you haven’t invested in security training for your staff already, then you need to do so without delay.
- Destroy Old Data
Some data may not be needed for business purposes any more, but that’s not to say that it’s no longer sensitive. Old data that is no longer of any use to your business decisions and operations needs to be destroyed in a timely manner, to protect against any leakage that could give a cybercriminal an entry point.
- Be Vocal About Security
You will never manage to instill a culture of security if you and your managerial team always keep quiet about it. Security should be at the forefront of everyone’s mind with every action that they take, and so you need to make sure that you are always vocal about security. Never let anyone forget about it – the idea is that security becomes second nature to the workforce. Lead by example.
- Pay Especial Attention To BYOD Policies
It is unlikely these days that your employees will not be bringing their smartphones to work, and they will probably be conducting some of their tasks on these devices as well – even if it’s just sending and receiving emails. This means that it is imperative that you have a secure and sound BYOD (bring your own device) policy, and again, enforcing it is even more important than having the policy.
Below is an infographic from UAB Collat School Of Business, which highlights some of the points made in this blog, and is a great reference point when it comes to educating your employees about the importance of cyber security.
Published by Igor Varnava, September 16, 2015
How do you promote data security in the workforce? Let us know in the comments below.
September 15, 2015
Don’t Cut Your Data Losses – Prevent Them With Data Centralization
Published by Igor Varnava, September 15, 2015
Long gone are the days of over-stacked filing cabinets and physical libraries stuffed with reams and reams of paperwork. These days, all of a company’s data is stored on pieces of computerized hardware either somewhere in the depths of the office building, or otherwise in large data centers as provided by cloud services.
All in all this is a much better system. Files can be searched for extremely easily by logging on to the appropriate database, and then retrieved with a simple click of a button. With so much data now flying around the web waves all over the world, the act of physical archiving is simply no longer viable, not to mention cost effective or productive.
However, storing data on computers, hard drives and servers is not completely risk-free. In fact, it comes with its own very unique set of problems that administrators of yesteryear could not have possibly conceived of. Indeed, computerized data storage is more of a concern for the IT team than anybody else.
Data Loss – An Ongoing Concern For Businesses
Your business will rely heavily on computers. And therefore you will naturally be concerned about data loss. Whether it’s down to hardware failure, theft, human error, a computer virus or cyber attack, data loss is serious business, and can be extremely costly for the unprepared.
DeepSpar cites that “hard drive failure is the most common cause of data loss” and in fact accounts for as much as 38% of these scenarios. The result of such a failure can prove to be detrimental to your business. Client information, credit card details, financial reports or even whole systems can be lost, and once it’s gone, retrieving it can make or break your business.
Data Centralization To The Rescue!
As with almost every problem that one is likely to encounter throughout one’s life, prevention is invariably better than cure.
Modern day businesses have to manage a high volume of scattered data around the web, which is constructed using many different formats by many different people. IDC puts the issue like this:
“Too much digital information creates the problem of organizing it in a way that makes it useful. Many businesses have more digital data than they can intelligently work with and often can’t extract what they need when they need it or create business intelligence from it.”
Indeed, lack of organization not only causes a problem of utilizing the data, but it also creates a labyrinth in which said data is likely to get lost.
Enforcing a centralized data management system is key to combatting this issue. When data is stored securely with documentation, access authorization can be administered so that it cannot be accessed without the necessary privileges through a tightly controlled process.
Furthermore, centralized data repositories can be backed up on a regular basis, meaning that in the event of a disaster, recovery is a quick and painless one-time job.
As data volume continues to increase exponentially, the need for centralized storage will become ever more prevalent, and businesses will do well to prepare for this and start taking action now.
September 2, 2015
Single Sign-on: Improving Security In the Cloud
Once upon a time, back in the days when there was hardly a cloud in the digital sky, the average user of computers only ever had to ‘sign-in’ once per day – and this was largely for the purposes of accessing a Windows environment. However, in the modern world of all-things-internet, with cloud computing and mobile devices abounding, the average user now has to ‘sign-in’ to probably anything between 5 and 50 online applications or web sites every single day.
For this reason, many users prefer to activate the ‘stay signed in’ option on these sites and apps where available, to improve the convenience of working (or playing) on the web.
Even so, the tendency amongst individuals – be they casual internet surfers at home or professionals using the web in an office environment – is to use the exact same login credentials (i.e. usernames and passwords) to sign up for and into pretty much every site or application that they access. And this is certainly understandable. It can be terribly difficult to remember any more than 1 or 2 passwords – and when we might have as many as 10, 20, 30, 40 or 50 accounts registered, it is simply an impossible task to memorize different passwords for all of them – let alone remember which one is assigned to which account.
And so, users often just stick to one that they can remember, and be done with it – despite the obvious security risks that this practice comes with.
Of course, certain technology solutions have been devised in order to work around this problem. Password managers, for instance, are very useful here – especially for private and individual users. But when it comes to protecting company information in a secured and consistent way, something else needs to be done.
Single Sign-On (SSO)
Firstly, what is SSO?
The best way to think about SSO is in terms of something like Google.
Google Apps uses SSO. With just one username and password, you can sign on to everything that is available from Google – YouTube, Google+, Drive, Docs, Gmail and all the rest.
Put simply, SSO is an advanced authorization and authentication access control method that’s normally used in environments where users access multiple applications every day. Google uses it, and so do the likes of Facebook, PayPal, Yahoo and Microsoft. These all of course run huge, disparate sites that serve millions and even billions of people every single day around the globe – and with SSO, users can access them all at once.
However, whilst SSO is perhaps most often associated with web 2.0 sites, it’s actually a very good tool to use in the enterprise.
Centralization And Active Directory
Since the cloud has come along, many companies have chosen to migrate some or all of their IT needs to a cloud-based solution. Google Apps is a good case in point here, actually. Most new start-ups now wouldn’t dream of equipping every computer in the office with a native Microsoft Office suite (though they might consider Office 365 – the cloud solution), since the free office suite available from Google is more than substantial for crafting any document that they may want – and it’s free and all files are stored safely away in the cloud.
However, for companies that are more than, say, 4 years old – it’s almost guaranteed that they will have begun life without the cloud providing for them many of the conveniences and securities that it does for so many companies today.
And if we go back further – another 10-15 years – then many organizations from then which are still around today will have been using Microsoft’s Active Directory to organize their company’s network, files and access.
Understanding The Benefits Of Active Directory
Active Directory has stood the test of time because of its relative simplicity in the organization of a lot of inherently disorganized data. Here’s how it’s explained on the Microsoft website:
“A directory, in the most generic sense, is a comprehensive listing of objects. A phone book is a type of directory that stores information about people, businesses, and government organizations. Phone books typically record names, addresses, and phone numbers. Active Directory is similar to a phone book in several ways, and it is far more flexible. Active Directory will store information about organizations, sites, systems, users, shares, and just about any other network object that you can imagine. Not all objects are as similar to each other as those stored in the phone book, so Active Directory includes the ability to record different types of information about different objects.”
One of the great things about Active Directory is SSO. Not only has the service been instrumental in improving the security of many organizations for many years – a feat it has achieved largely due to the centralization of control – but SSO has always made and continues to make user access and authentication a much more streamlined process.
Chris E. Avis on the TechNet blog explains the uses and benefits of Active Directory thoroughly but nonetheless succinctly:
“Active Directory on-premise is the means by which we authenticate and authorize users when they log on to a workstation, when they attempt to run an application, when they attempt to access a local web based portal, and even when they attempt to connect to a mail server to send/receive email. Active Directory contains objects that define the user, any groups they are a member of, and what rights and permissions they have as a user or members of a group or groups.
“One of the primary benefits of Active Directory is Single Sign-On. Because of the centralized administration and the organization of all AD objects with a single forest (and through the use of trust relationships), a user can logon to their workstation once at the beginning of a work day, and never be presented with additional user ID and password prompts. This makes for a more [seamless] experience for end-users while unifying the security contexts and control for administrators.
“The key thing to understand here is that Active Directory Domain Services was developed for and is primarily used for managing on premise resources. These are resources and objects that are typically 100% under the control of company administrators. As the industry continues to shift to a more cloud based model, we need to extend Active Directory into the cloud.”
SSO In The Cloud
Avis’s last point is the most pertinent here. With so many businesses now migrating to the cloud – and with literally thousands that have been born in the cloud – there is now a slowly prevailing attitude that centralization can be done away with.
However, this is a danger to businesses for 2 main reasons – regulatory compliance and security.
Let’s talk security first.
Is SSO Secure?
There exists a common misconception that because SSO only requires one username and one password to provide wholesale access to multiple sites and applications, then it must come with a substantial risk.
Undeniably, if a malicious individual should be able to acquire a user’s SSO credentials then all applications protected by them will be open and vulnerable. However, that is a rather reductive oversimplification of the matter. In fact, common sense kills this argument against SSO stone dead in an instant.
Think about it – as discussed above, users will often use a single password when signing up to many, many sites and applications anyway. However, when doing so, they will often sign up to some that are decidedly insecure as compared to others. This means that some of these sites will be very easily hacked – and with that information in hand, the hacker can just simply take a leisurely stroll around the web, signing into as many accounts as possible using the easily-hacked and remembered username and password.
Sometimes, however, people will go to the trouble of remembering different passwords for many different sites. However, they will still use the same email address for each one – which means that if a hacker got into the user’s email, it would be pretty simple to just request password resets for each and every account.
With SSO on the other hand, as the Jscape blog explains: “all authentication processes and elements are handled by the identity provider. Many of these providers (e.g. Google, Yahoo!, AOL, Salesforce) are large and reputable organizations who have the means and motivation to establish really strong security. Thus, it would be extremely difficult for a cybercrook to acquire your login credentials from there.”
With SSO, it will be much easier to ensure that your employees are first of all using strong passwords – since they will only be required to remember a single one. Secondly, it will also encourage them to use various security applications – a secure file transfer system, for instance, which protects the transmission of sensitive data.
Such things are currently much underutilized by companies, simply because end users find them too complicated, and so find a workaround instead. This, obviously, is very detrimental to your overall security – but onboarding end users is an absolute must with all software and applications that you use. As such, SSO will help no end as it will aid employees in adhering to your security policies.
Active Directory was great – but it is of course dated now. Which is why Microsoft has developed Microsoft Azure Active Directory FS, which brings all of the great things about Active Directory into the cloud.
With modern companies moving away from Active Directory, users now have separate passwords for computer, email, Dropbox, Box, SalesForce and so on and so on and so on. Needless to say, managing all of these passwords is an absolute nightmare for both companies and users – and indeed feels like a step backwards rather than forwards.
And this is why Microsoft Azure Directory – and other similar solutions like Okta, for example – are so brilliant. For they bring back centralization through the use of SSO, and that is invaluable in terms of security and ease of use for end users.