Sep 18, 2009

IT security, part 3 – the threat within

Posted by: Malcolm Newdick

Categorised in: Security, Business News

Bumbling idiots. That is how one IT manager described his computer users. They are the threat within, and they sit alongside the internal threat you might expect: the disgruntled employee who knows enough about IT to inflict real damage. Together, careless users and malicious insiders pose the greatest risk to your IT security, because both already sit behind your firewall with legitimate credentials.

So how do you reduce the risks from the people on the inside?


Passwords

Start with passwords. If everyone understands that security is a serious issue they are far more likely to keep their password secure: not sharing it with colleagues or with anyone claiming to be from IT support, and not writing it on a sticky note next to the computer because they cannot remember it. Awareness alone is not enough, though; the policy and the tools described below have to make the secure habit the easy one.

Don’t forget to protect the administrator password. It is the key to your network and must be carefully guarded. Keep it in a proper password safe rather than a spreadsheet, give each administrator their own named account so that changes can be traced back to a person, and use the shared built-in account only when nothing else will do. If you have an outsourced IT support company, make sure you know how they protect your administrator password, who at that company can see it, and how it is changed when one of their staff leaves.

You also need a password policy. This covers issues such as the minimum length and complexity of passwords, and whether and how often users are required to change them. This is another example of the balance between security and utility. A complex password that has to change every 28 days looks more secure on paper, but it is very onerous for the users, and in practice forced changes push people towards predictable patterns (the same word with the month or year tacked on) and sticky notes. Current guidance (NIST SP 800-63B) favours longer passwords, checking them against lists of known-breached passwords, and changing them when there is evidence of compromise rather than on a fixed schedule.
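
As an added illustration of the length-over-complexity point (example code written for this page, not Riverbank’s own policy or tooling), here is a Python check that makes length and a breach list the main tests instead of forcing symbols and a 28-day change. The breach list is a constructed handful of entries standing in for a full corpus such as the Have I Been Pwned dataset; the 12-character minimum and the other thresholds are assumptions.

```python
import unicodedata

# Constructed stand-in for a real breached-password corpus (entries stored lower-cased).
BREACHED = {"password1!", "welcome123", "summer2009", "letmein", "qwerty123456"}

MIN_LEN = 12     # assumption: 12 characters minimum, longer passphrases encouraged
MAX_LEN = 128    # cap so that pathologically long input cannot tie up the server


def check_password(candidate: str, username: str = "") -> list[str]:
    """Return the reasons a password is rejected; an empty list means it is accepted.

    Deliberately no composition rules (no "must contain a symbol"): they push users
    towards Password1!-style patterns that every breach list already contains.
    """
    # Normalise so that lookalike Unicode forms of a breached password still match.
    pw = unicodedata.normalize("NFKC", candidate)
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    lowered = pw.lower()
    if lowered in BREACHED:
        problems.append("appears in breached-password list")
    if username and len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the user name")
    if len(set(lowered)) <= 3:
        problems.append("too few distinct characters")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd!", "Welcome123", "correct horse battery staple"):
        print(repr(pw), "->", check_password(pw, "alice") or "accepted")
```

The short but "complex" P@ssw0rd! fails on length alone, while a long lower-case passphrase passes; that is the trade the policy should be making.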


One common way to raise the bar without much extra work for your staff is two-factor authentication. Each user proves who they are with two things instead of one: their password (something they know) plus a one-time code (something they have). The code changes every 30 seconds or so and is shown on a small hardware token that fits on a key fob or in a wallet, or by an authenticator application on a mobile phone. A stolen or guessed password is then not enough on its own. For a small cost and a small amount of effort you get a big improvement in security, with one caveat: a code typed into a convincing phishing page can be relayed to the real login by the attacker within the same 30 seconds, so the token is a strong second lock, not a replacement for the first.


Protect folders and files

Don’t leave everything open to all users. Your technical team probably doesn’t need to see the accounts information, and your accounts staff probably don’t need to see all the HR files. So protect people from themselves (the bumbling idiot that lies inside all of us), and protect your business, by restricting access to folders and files to the people whose job needs it. Grant access to groups rather than to individuals, review the group memberships when people change role or leave, and check periodically that "Everyone" has not crept back onto a share.

A favourite user error is to accidentally drag and drop a network folder, moving megabytes of data to an unknown destination in the blink of an eye. It used to be a favourite call to the Riverbank help desk until we deployed software that alerts people before folders are moved.

If certain data files are very sensitive, encrypt them. Industry-standard encryption software such as PGP lets you really lock down sensitive information: even if someone does break in and steal the files, they cannot read them without the key. That protection is only as good as the key, so the private key and its passphrase must not sit unprotected on the same machine as the files, and plaintext copies (drafts, temporary files, e-mail attachments) need the same care as the encrypted original.

A different sort of protection comes with digital rights management (DRM). It became notorious when used to lock down music files that people wanted to share, but for protecting business documents it is very useful.

You use the software to protect a document by assigning access permissions to named people. You can then distribute that document, and the security travels with it: the file is encrypted, and before opening it the reader’s software checks back with a central server that the person is on the list of permitted users, and only then releases the key. It doesn’t matter where in the world the document is, and using the central database you can change permissions, add people to the list, or remove people who should no longer have access, even for copies already sent out. Two caveats: readers need to reach the server (or hold a cached licence) to open documents, and the protection depends on the reader’s software honouring it, so someone who can already view a document can still photograph the screen or retype the contents.
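
An added example, written for this page and not code from any DRM product or from Riverbank, showing the mechanism just described in miniature (and the need-to-know file protection from the start of this section). The document is encrypted under a per-document key that only a central rights server holds; the server releases the key to a user only while that user is on the document’s list, so revoking someone locks them out of every copy in circulation. All names, document IDs and contents are constructed. Two assumptions: the user has already been authenticated to the server (the code simply passes the name), and, because Python’s standard library has no AES, the content cipher is SHA-256 run in counter mode plus an HMAC tag as a stand-in for AES-GCM; a real implementation would use AES-GCM from a proper cryptography library.

```python
import hashlib
import hmac
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: SHA-256(key || nonce || block counter) as keystream.
    Assumption for the demo only; use AES-GCM in real code."""
    out = bytearray()
    for start in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (start // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def _tag(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC tag so that a tampered envelope is refused before decryption."""
    return hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()


class RightsServer:
    """The central database: per-document content keys and the list of permitted users."""

    def __init__(self):
        self._keys: dict[str, bytes] = {}
        self._acl: dict[str, set[str]] = {}

    def protect(self, doc_id: str, plaintext: bytes, permitted: list[str]) -> dict:
        key = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        ciphertext = _keystream_xor(key, nonce, plaintext)
        self._keys[doc_id] = key
        self._acl[doc_id] = set(permitted)
        # The envelope is what gets e-mailed around; it carries no key.
        return {"doc_id": doc_id, "nonce": nonce, "ct": ciphertext,
                "tag": _tag(key, nonce, ciphertext)}

    def grant(self, doc_id: str, user: str) -> None:
        self._acl[doc_id].add(user)

    def revoke(self, doc_id: str, user: str) -> None:
        self._acl[doc_id].discard(user)

    def release_key(self, doc_id: str, user: str) -> bytes:
        """Called by the reader software every time a document is opened."""
        if user not in self._acl.get(doc_id, set()):
            raise PermissionError(f"{user} is not permitted to open {doc_id}")
        return self._keys[doc_id]


def open_document(server: RightsServer, envelope: dict, user: str) -> bytes:
    """Reader side: fetch the key (if permitted), verify the tag, then decrypt."""
    key = server.release_key(envelope["doc_id"], user)
    if not hmac.compare_digest(_tag(key, envelope["nonce"], envelope["ct"]), envelope["tag"]):
        raise ValueError("document has been tampered with")
    return _keystream_xor(key, envelope["nonce"], envelope["ct"])


def can_open(server: RightsServer, envelope: dict, user: str) -> bool:
    try:
        open_document(server, envelope, user)
        return True
    except (PermissionError, ValueError):
        return False


if __name__ == "__main__":
    server = RightsServer()
    env = server.protect("board-pack", b"Q3 figures: not for circulation", ["alice", "bob"])
    print(open_document(server, env, "alice"))
    server.revoke("board-pack", "bob")
    print("bob after revocation:", can_open(server, env, "bob"))
```

The stolen-file point from the PGP paragraph falls out naturally: the envelope on its own is ciphertext plus a tag, and the server never hands out keys to anyone off the list. The limit of the approach also shows: release_key hands the key to the client, so revocation stops future opens only if the reader software discards the key rather than caching it, which is exactly the client-side problem commercial DRM spends most of its effort on.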


Take your people with you

It is vital to get people to buy into the idea of security and to understand why it matters to them. Back this up with written policies and procedures, so it is clear what is expected of them and how they can meet those expectations with the least effort.

If they won’t go with you on this journey to improved security, there are plenty of tools that let you monitor and record exactly what your users are doing, minute by minute and keystroke by keystroke. These are intrusive measures with real legal and morale costs, so consult your HR and legal advisers, and tell staff what is monitored, before adopting them.

The data glut

There’s too much data: too many e-mails, blogs, wikis, files on the network, intranets and extranets. It affects our performance and our security, sometimes subtly, but some of the effects of the data glut are very straightforward.

Imagine you are a shepherd with a flock of sheep. Life is calm and straightforward, and you and your sheepdog have everything under control. Now imagine that every day you are given a few extra sheep. Very soon you have more sheep than you can manage. Your sheepdog can’t herd them all, some sheep jump over the wall to freedom and you don’t notice. You get extra sheepdogs, and very soon you can’t manage all the dogs, let alone all the sheep. That’s the data glut.

The solution? Remember that as new data comes in, the old and the dead must go out. You have to manage your data: cull files nobody needs any more (within whatever retention rules apply to your business), and archive data you want to keep but don’t need day to day. Taking it off the live file server reduces what an insider can reach and what you have to secure, search and back up. That way you keep a nice manageable flock.

The less obvious effect of the data glut is on our attitude to security. Because there is so much data, the individual items become devalued and standards start to slip. This is one explanation for the enormous blunders that hit the headlines periodically: we are punch-drunk from the sheer volume of it all, and we get careless.

Conclusion

IT security is a complex area because threats can come at you from many directions. Riverbank is here to offer professional advice, and to provide you with the systems you need. When the protection is in place we can also direct you to a third-party security testing company, so you have independent evidence, as of the date of the test, that the protection works.

Ask for an IT security review now – just e-mail help@riverbank.co.uk or call us on 01844 278036.

