Alexandra Tsybulskaya, Corporate Sales, Elcomsoft: It’s Better to Prevent than to Cure
February 2010 by Alexandra Tsybulskaya, Corporate Sales, Elcomsoft
Last week a company that rents an office floor next to ours fell prey to a malicious attack. The employees of the company use instant messengers to communicate with their existing and potential customers. Although it is a common knowledge that the improper use of instant messengers can pose a great risk to an enterprise, people still click on the links they receive. The addresser of such messages and links is often an attacker. In the case with our neighboring company there was no happy ending: each employee who clicked on the link leading to a scammer’s website lost her ICQ ID. As the sales department relied greatly on this type of communication with customers, the loss of the company is to be estimated.
In the age of information technologies, each employee – not only IT department staff – should be familiar with how to keep their valuable data safe and secure. To fulfill this task in a proper way one should try to halt hidden security threats, with those lying on the surface, in order to avoid grave consequences and damage for the whole company. Employees’ information security literacy is a job of both IT guys and HR professionals. That is the reason we listed the most wide-spread hidden security threats for you to be aware of.
Lost Laptops, Exposed Data
The mobility of employees is constantly increasing in the modern world, and the rapid growth of the supply of mobile gadgets is rooted in the huge demand for such devices not only for personal use, but for working purposes. However, if your laptop or smartphone, you are accessing your work e-mail inbox or office PC from, falls into the wrong hands, unauthorized users may easily obtain the sensitive data that you’ve stored there. One of the ways out is encrypting your data. You can use an encryption program, such as TrueCrypt (available for free under open-source licensing), to protect your data from unauthorized access. Another possibility is to use a recovery service. If your equipment gets lost or stolen, and you can’t get it back, you’ll at least want to erase the data it holds. Some vendors, such as HP and Dell, offer services that try to do both for selected laptop models.
Use stronger passwords: Longer passwords are better; more characters take longer to crack. Keep in mind that the character diversity makes your password significantly harder to guess or crack. The situation will be definitely improved just if one sticks to a simple and widely accepted rule that a password must consist of uppercase and lowercase letters, numbers, preferably, special characters and be at least 9 characters long.
Rogue Wi-Fi Hotspots
Free Wi-Fi networks are available almost everywhere your employees go. Attackers, however, sometimes set up a malicious open Wi-Fi network to lure unsuspecting users into connecting. Once you have connected to a rogue wireless network, the attacker can capture your PC’s traffic and gather any sensitive information you send. Verifying the network’s name may help in this case.
Weak Wi-Fi Security
If you’re cautious, you’ve already secured your wireless network with a password to keep outsiders from accessing it or using your Internet connection. But password protection alone may not be sufficient. It’s highly advisable as well to use stronger encryption. Several types of Wi-Fi network encryption are available. WEP (Wired Equivalent Privacy) encryption is the most common variety employed on wireless networks, but it can be easily cracked. The newer encryption types such as WPA (Wi-Fi Protected Access) or its successor, WPA2 resolve the weaknesses of WEP and provide much stronger protection.
Now that so much entertainment, shopping, and socializing have shifted online, every Internet user leaves a rich digital trail of preferences. The best way out in this case is to use private browsing, which ensures that the site history, form data, searches, passwords, and other details of the current Internet session don’t remain in your browser’s cache or password manager once you shut the browser down.
Microsoft’s products have long been favorite targets for malware, but the company has stepped up its game, forcing attackers to seek other weak links in the security chain. One of the most trivial preventive measures in this case is to have all security updates installed, thus keeping your operating system and applications up-to-date.
Each self-respecting company or enterprise should cooperate with IT security departments, for only mutual cooperation can bring evident results.