Security Talk Column

RSS

Want happy employees? It’s more than the occasional catered office lunch. It’s providing an environment where employees can be productive, collaborate with colleagues and find creative ways to power through their to-do lists. Mobile devices play a primary role in this movement, but so have the widespread adoption of public and private cloud applications, which have provided workers access to their files, and each other, anywhere, anytime and from any device.

 Tailgating is one of the most common and innocent security breaches – an employee opening a door and holding it open for others, visitors without badges, or the passive acceptance of a uniformed worker. The problem with these lax situations and common courtesy is that they open your building to undocumented and unauthorized entry by individuals who could intend harm to your property and employees.  

 Vanderbilt University has earned many distinctions, including Princeton Review’s top ranking for colleges with the happiest students. The school’s latest endeavor is taking the plunge and going mobile with access control.  

 There is a common plot line that underlies most of the breach stories in the news. Software written by bad guys gets into places on the corporate network where it shouldn’t be. It looks around, finds vulnerable systems, grabs valuable data and transmits it off the network. The term most commonly used to describe this behavior is Advanced Persistent Threat (APT).   

Training videos can be both effective and fun if you have some imagination and are open to a different approach. The safety and security video that Kishwaukee College in Malta, Illinois, recently developed proves that point. 

Having Lock-Down Protocols are useful, however it can delay law enforcement’s entry time. Do not expect to always escort law enforcement to threat areas; directions and diagrams are very helpful.

To have a successful security design and installation, it is critical to get all security stakeholders in the same room and to establish requirements and goals early. It is important for those goals to relayed to other members of a design team so that all of the needed support services and integration can be vetted.

By screening a provider for these qualities, you’ll accomplish much more than a manager who simply wants to “check the box” and get it over with. You’ll walk away knowing participants are getting the training that’s right for them, not an endless sea of faceless masses.

Banning specific cloud applications is bound to fail. Maintaining a blacklist of cloud applications is ineffective, at best.

Kent Lawson, founder of Private WiFi, decided to test the wireless network provided at the RSA Conference, and he was surprised at the large amount of completely unprotected communications from security professionals, discovered in a mere 15 minutes.