“When security butts heads with convenience, which it does all the time, convenience wins.”
~Joel Brenner, Former National Security Agency Inspector General
We all know general security measures, but how many of us follow them over time? When measures are first implemented we do our best, but as time goes on we become complacent and security may fall by the wayside. The Congressional Research Service recently conducted a study that estimated the economic impact of cyber-attacks on businesses to be over $226 billion annually. In the last 12 months, security experts have monitored more than 286 million new threats, and the volume of web-based attacks has risen by 93% worldwide. Source: Symantec ISTR, April 2011.
The Evils of USB
We use USB drives on a daily basis to back up data or move it to another computer, but how many USB drives have you lost? As business professionals, we need to be aware of the potential dangers of the tools we use.
- Malware distributors can install payloads on USB drives and leave them somewhere, waiting for someone to pick one up and plug it into their PC.
- USB drives can be lost, exposing sensitive data.
- USB ports are often not monitored with firewalls and malware controls.
- Solutions such as GFI or Credent can control access to USB ports and/or encrypt data on removable devices.
P2P File-sharing risks
Peer-to-peer (P2P) file-sharing programs allow for easy swapping of music, video and other software. Although it may be a convenient way to get new music, it is a huge security risk. The three main areas of security risk are viruses, online attacks and self-help attacks.
The principal P2P method of attack is through viruses, because P2P sharing networks enable files to be transferred among millions of strangers, the vast majority of them unsophisticated users. The chance that one of these computers is carrying a virus is very high. Also, a malicious person now has virtually unlimited access to millions of computers on which to unleash a virus.
P2P networks identify shared files to the millions of users connected together; they also identify the location of each computer and its IP address. Broadcasting the IP address gives attackers searching millions of computers at a time a specific target.
Self-help is a new threat and a legal method of obtaining information about you through P2P. It is used by copyright holders to try to discover who is illegally downloading their copyrighted material. Phony copies of copyrighted material are put out on the P2P networks, and when one is downloaded it grants the copyright holder access to your computer and your identity. It is considered legal because it does not interfere with the system's operation, but it is impossible to know who is using the information to protect themselves and what damage they will do with the information.
Laptop users who are often in and out of the office tend to leave their wireless radios on, which creates a very real and dangerous threat, as the radio can be a potential entry point for intruders. The wireless radio switch on many computers is located on the left side of the laptop (Left=Off, Right=On). A green indicator will let you know that the wireless is on.
Although companies often implement several layers of enhanced security, merely answering a question or prompt incorrectly could connect you to an outside wireless network and create a gateway into the internal network of an organization. Your wireless radio should only be turned on when it is needed outside of the office.
Please take the extra few minutes it takes to ensure your computer is not at risk.