Jun 16 2011

3 Tips to Close Your Security Gaps

These tips can provide simple, quick and inexpensive solutions to your security problems.

Businesses need security, but they usually don’t like it. Security, to many businesses, is complicated, time-consuming and expensive. But relax: These three tips can make security simple, quick and inexpensive.

Secure Your Mobile Devices

Mobile devices have become hugely popular, and for good reason. They make life and work easier. But they also need better security, as 60 percent of data breaches come from compromised mobile devices.

Here’s a quick security test: How many devices in your possession at this moment have an on-off switch? Quick test No. 2: How many of those devices will give up all your secrets to whoever finds them after you leave them in a taxi? Thousands of notebook computers and phones are left in taxis each week, and thousands more are left at airport screening stations.

All notebooks need full-disk encryption. But don't waste time trying to encrypt some folders and not others, and don’t put all your trust in Windows encryption. Get full-disk encryption software for every notebook at your company. Even those that stay put can be stolen from your office, so protect all of them. Newer notebooks often have encryption-ready hard drives installed, so take advantage of that feature.

Phones and other mobile devices have a security code, but many users ignore it. Smartphones can carry plenty of company secrets, so protect the data areas of your smartphone with third-party tools. This also makes your phone more manageable.

Provide Password Guidelines

Password protection is a necessity now more than ever as companies move to cloud services, but many companies let employees choose their own passwords. Users remember passwords better when they choose them themselves, but make sure to provide some guidelines.

Ask users to follow some simple rules. For instance, avoid any words in the dictionary, include numbers and symbols, and use more than five characters (your rules may vary depending on your policies). Because people remember words, have them substitute numbers for letters, such as zero for "O", one for "I" and three for "E". Then sprinkle in a bang (!), splat (*), or at (@) here and there. And there you have it — better passwords.

Those passwords provide access to company assets, so employees shouldn't consider them private. Keep a list of each employee’s passwords, and update the list when they change. Too often, employees share passwords with each other, and that is certainly not secure. It’s better to have managers share user passwords as needed, then ask the employee to change those passwords after sharing.

If your security policies don’t allow that, discourage users from sharing passwords at all. But if they do, remind them that they had better really trust the person they’re sharing with, because misuse of a password could get them fired.

Conduct an Exit Audit

Make sure to clean up after employees leave the company. That means changing the passwords for all their systems, especially those that are accessed remotely. Disgruntled employees can easily sabotage systems that are left open, so slam that door shut. And internal systems will remain vulnerable because, as we just noted, users share passwords, so keep the former employee’s accounts open but change passwords while they are boxing up their personal items.

Not every lost notebook will be taken by a thief, not every password-protected system will be attacked by hackers, and not every former employee will try to wreak havoc after leaving the company. But security awareness means protecting even against the long odds, so prepare yourself. These tips can help close security gaps and better protect your company.