Posts Tagged ‘Breaches’

IT Security Policies Can Cause Network Data Breaches

September 29th, 2008

It’s strange how the network security policies in place at a company can actually damage, rather than enhance, its security. Security measures which are too stringent can lead to employees going around security for convenience’s sake. Employees can actually create security vulnerabilities which your IT department may not be able to protect against, because it may be unaware that they exist!

Not long ago, I spoke with the business director of a large company (I’ll call her Susan). Her company’s IT department requires that employee network passwords be at least eight characters long and consist of a random mix of letters, symbols and numbers. She must also change her passwords every sixty days. Susan goes along with the security policies put in place by her IT department, but if you were to walk into her office, you would find her logon password written right there on her desk – “Password: 1jy^hndT”.

The work environment in many companies these days involves understaffing, tight deadlines and long workdays. When you add yet another complication into the lives of already overworked employees, it is only natural that they choose convenience over security. You see everyone doing this, from the CEO on down to the temps. While it sounds like a good idea to have employees remember complex passwords, what happens in practice is that it slows things down and leads to security being circumvented.

The real problem isn’t the security policy; it’s actually a very sound one – it’s the way that it is implemented which makes it a problem. IT departments are prone to ignoring the human factor when they design security policies. Most people can’t remember two complex passwords; and many can’t even remember one! By making employees change their passwords every two to three months, they further complicate the situation and practically force employees to engage in insecure practices in order to get their work done while still complying with corporate security policies.

This gives management a false sense of security when it comes to network security, since they don’t even know where to look for potential problems. Let’s say that someone copies down Susan’s password and logs in as her – the network monitoring software simply accepts as fact that she is working at 3 am. These security systems will not be able to prevent these attacks until the damage has already been done.

Password security that is not convenient to use comes at a cost. Resetting passwords can take anywhere from 20% to 50% of an IT department’s time – this translates into about $70/incident. This time and money could be better used by your IT department. There are other costs, too, such as lost productivity when employees are unable to access the network.

A rule of thumb to keep in mind is that the greater the level of password security without a convenient management system in place, the more often you’ll need to do password resets. Smartcard security tokens offer a solution which balances productivity, security and technical support.

Smartcard based security tokens allow employees to manage network and computer security themselves without compromising the security of your corporate network. They do this by:

1. Offering double, two-factor authentication – the user has the card (something they have) and the PIN (something they know). The computer has the card (something it has) and stored complex passwords (something it knows).

2. Being portable to other machines.

3. Having no information stored on the computer for prying eyes to find and use.

4. Convenience – the user only needs one password.

5. Employees always have possession of their passwords.

6. Token data is securely stored and protected in the event that the token is stolen or lost.

7. The token can store passwords for many accounts.

Smartcard based security tokens prevent data thieves from merely looking over someone’s shoulder to learn passwords or look for notes taped to desks or inside drawers bearing this information. If each account is set with its own unique password, even if a data thief somehow gets one password, all other accounts are still protected. Smartcard based security tokens allow employees to stay within IT security policies and keep corporate networks better protected while offering the convenience employees want and need. This can make even the most careless employee a security conscious one.

Dovell Bonnett is the author of “Online Identity Theft Protection For Dummies(R) – Power LogOn Edition”, founder & CEO of Access Smart and hosts IDProtectionExpert.com. He provides businesses, campuses, and mobile employees security solutions.


Some Types of Network Security Breaches

September 27th, 2007

The online world has grown in leaps and bounds in the last few years. This provides the public with some amazing resources – the ability to access information with the touch of a finger, the ability to communicate via fast and inexpensive methods, and more functionality and ease of use are being introduced every day. Unfortunately, as with all good things, there is also a dark side.

While there are plenty of people who use the internet and computers responsibly and honestly, there are predators and hackers out there who spoil the fun for everyone if their dirty deeds go unchecked. There are a lot of ways for these people to compromise your computer and your network. Below we will review just a few of the ways that your network can be compromised.

Two destructive network breaches fall under a category known as “destructive behavior.” One involves the complete obliteration of data within your network. It is called “data destruction” and it is just what it sounds like. It happens when someone breaches your network and deletes data. If your network is business-related, this can be devastating. Experts say that it is no less destructive than a fire that destroys your computer equipment.

Some perpetrators have more than simple destruction in mind. They do something called “data diddling” which means that they alter the data in your system. They might change data in spreadsheets or other documents, or they might tamper with your accounting system. Some examples of things that have really happened involve the accounting system specifically. “Hackers” have broken into a network, accessed the accounting system, and changed the account numbers on direct deposit paychecks to go into their own accounts. Thefts like this take some time to track down – first the employee has to not get paid, investigations have to be made, and someone has to think to double-check the direct deposit account information. In some cases, companies have cut new paper checks and it has taken months to retrieve the lost funds.

Another way in which networks are vulnerable is in the realm of confidentiality. A lot of times, companies possess information that, if shared with a competitor, could be very bad for business. In this case, predators are not looking to alter or destroy data, they are merely trying to find out information they’re not supposed to know. If someone were to find out financial performance information before a public release of said information it could affect the stock negatively. If a company is planning to roll out a new product and someone gets that information and gives it to a competitor, or leaks the information to the public, it could hurt the company’s sales. Even more frightening is the possibility of someone breaking in to view confidential employee-related data – like home addresses, social security numbers, and bank account information.

All of these network attacks happen because outside users are able to gain unauthorized access to a network. To access information, change data, or delete data, the attacker gains access to a network and is able to execute illicit commands – either at the normal user level or at the administrator level. Both are bad, but luckily both can be avoided if you take these threats seriously and develop sound policies regarding your network security.

Lawrence Reaves works for PLANIT Technology Group, a leading provider of Richmond enterprise storage and Virginia Beach network security. PLANIT can be found online at: PLANITTech.com.
