Wireless Connection, Safe?

by Jordan.Gorzalski on July 19, 2012

In today’s world wireless connections are the mainstream way for people to stay connected. Gone are the old dusty wires of yesteryear, say hello to cleaner looking workspaces at home and in the office. Just like the old saying “more money, more problems” I have a phrase I’m going to start coining “more efficiency, more hacking.” The lack of wires with a wireless connection allows us to connect quickly and easily, or some would say efficiently. On the flip side of that the old wires wrapped in various plastics were like a little security blanket surrounding our metal friends of connectivity. Without wires hacking becomes an easier process for those with a little rebel in their souls. What are some of the controls we should put in place to help keep hackers and people with less than good intentions from our systems?

There are a myriad of things you can do depending on how in depth of a solution you want.

For the quick fixer:

  • Add a password to protect your wireless network.
  • Set-up an authorization list for your wireless network by adding certain devices to said list and allowing only those devices to access you network. This will deny access to anyone not on the VIP list for your network.

For going beneath the surface:

  • Start by doing a survey on your network and seeing what areas need a little more security
  • Add Wireless Intrusion Detection Systems to your network system help detect attacks on your system.
  • You should also consider adding a wired IDS (intrusion detection system) to your system to monitor the traffic that passes into and out of your network.

For the strongest protection:

  • Configure all work related devices so that they have no access to public wireless networks. This would mean that all work related devices would only have access to organization authorized networks. This would ultimately keep everything safe from hacking.

The wireless age is nothing to be afraid of. We should embrace the new technology with open arms and a smile on our faces. However, with all things in life we need to take a look at the whole picture and consider not just the positive improvements that come with our new sleek way of living, but also the risks that are associated with upgrading. Wireless connections are great to have, especially if you have a lot of office guests, but just make sure that you are not compromising the security and safety of your organizations information. In short, be smart and be safe.

 

Sources:

  1. http://www.sans.org/critical-security-controls/control.php?id=7
  2. http://en.wikipedia.org/wiki/Intrusion_detection_system
  3. http://www.networkcomputing.com/data-networking-management/229604006

{ 0 comments }

There’s No Such Thing as “Bring Your Toy to Work” Day (And there’s good reason for that…)

by Dean.Brown on January 9, 2012

With the holidays just behind us, there’s a good chance you may have received a cool new technology gadget as a gift. Yes, it has all kinds of bells and whistles. Yes, it could be very useful in the workplace. So yes, you should go ahead and bring it to work with you, right?

Not so fast. Most companies (rightfully so) have a security and/or acceptable use policy, which specifies who owns the information you’re trying to access. In most cases you don’t even own your company email.

Before you take your new gadget to work, as yourself these questions:

  1. How will I feel if I get a subpoena for my gadget (because there is company data on it)?
  2. Do I want to give the company permission to access my gadget to see their data?
  3. Do I want to give the company permission to delete all my data because I misplaced my gadget?
  4. When the gadget comes home at night, do I really want to play with something I use at work?
  5. Do I want a family member seeing my work information?

If none of these is a concern, talk to your IT department. They will have their own set of questions, too, including:

  1. What information are you going to access via your new gadget?
  2. How will that information be protected? (Virus protection, spyware protection, malware of all kinds, passwords, and encryption protocol are just some of the things the company may consider.)
  3. How can we make sure the gadget doesn’t cause an information flow disruption?
  4. How will the device make you a better and more productive worker?
  5. Who provides the maintenance and up-keep for the gadget?
  6. Are you the only person that will access the gadget?

If all parties agree it makes sense to use your gadget at work, be sure to get it in writing.

Technology can improve your life, including your productivity at work. But don’t assume that just because you got a new toy, you can bring it in and start to use it on your company network. You might get rewarded with an unemployment check.

{ 0 comments }

Don’t Fall Prey to “Trendy” Implementations

November 15, 2011

A recent survey unveiled an interesting statistic.  Enterprises may be rushing into implementing new technologies without any update to security controls.  Given the emphasis on information security controls lately, this statistic comes as a surprise.  New technologies are very enticing and lack of adoption could threaten the success of your enterprise; however, adopting trending technologies [...]

Read the full article →

Management Approach to Cloudphobia

October 13, 2011

If you are familiar with arcade games, you may have stumbled upon Cloudphobia – a time attack game where a player is required to withstand the never-ending assaults from incoming enemies while protecting itself and an assigned mother ship from lasers and missiles. From a business perspective, amongst other things, business managers and IT Executives [...]

Read the full article →

QR Tags – The Little Square That Can Pack a Punch

September 29, 2011

We use our smartphones more and more each day.  We use them to manage our finances, search the internet, maintain work and personal meetings, store pictures… the list goes on and on, so it’s no wonder cyber criminals are looking for the next avenue to gain access to these mini data gold mines. Recently we [...]

Read the full article →

Doctor iPad

September 22, 2011

Health Care organizations are starting to see the value in medical professionals using the iPad.  In October of 2010, the Healthcare Information and Management Systems Society hosted a webinar on iPad’s and of those in attendance, (nearly 1000 attendees) 25% planned to use an iPad immediately and 70% planned to use an iPad within one [...]

Read the full article →

Business Email on Employee-Owned Smart Phones

August 22, 2011

Earlier this week I was sent a question asking if we had seen any best practices for policies regarding email access on personal smart phones not owned by the company. The best practices are similar to what you would find in acceptable use policies for VPN access or corporate smart phone access, but they also [...]

Read the full article →

What is all the Fuss Surrounding Google Plus?

August 11, 2011

Circles, Hangouts, Sparks… what is all of this?   With all the avenues of social media out there it is hard to believe  that yet another one has jumped onto the scene.   Facebook has been the reigning champ for quite some time but it has had competition from Google since the beginning but never has Google [...]

Read the full article →

Proposed HIPAA Privacy Changes Bring New Patient Rights and Increased PHI Protection

August 3, 2011

In an ongoing effort to provide information and insight into patient information access, the Department of Health and Human Services Office for Civil Rights has issued a series of proposed changes to the current Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.  The proposed changes would enhance current privacy rules protecting patient information by [...]

Read the full article →

A New Series of Reporting Options for Service Organizations

July 27, 2011

Many service organizations and other entities are familiar with SAS 70 reports — reports prepared following the CPA profession’s Statement on Auditing Standards No. 70, Service Organizations. Innovations in technology and the increasing use of outsourcing have led to these reports being used in ways that were never intended. Specifically, SAS 70 engagements were not [...]

Read the full article →

← Previous Entries