Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Tips For IT Administrators To Maintain Security During Summer Holidays

SecureWorks : 03 August, 2010  (Technical Article)
Remote worker authentication raises its profile during the summer season providing one of the ten areas to watch out for according to advice from SecureWorks
Tips For IT Administrators To Maintain Security During Summer Holidays
SecureWorks outlines its top ten tips for IT and security managers to minimise risk during the holiday season.

Don Smith, VP of Engineering and Technology, SecureWorks commented: "Summer holidays can be the worst time for security threats and as the holiday season starts IT support is often under-manned, people are working remotely to make the most of the weather and systems are left untouched for weeks. So at a time when the threat landscape continues to evolve and resources are stretched IT and security managers must make sure they follow good security practices, ensure staff are properly educated and they are able to offer the same level of security, whatever the weather!"

1. Hackers don't go on holiday - many frontline staff members are on holiday and resources are stretched, so the chance of a security breach not being detected is even higher than normal. Make sure you don't take your eye off the ball when your workers are on the beach! Also, as young people can be some of the most prolific hackers and will have more free time during the school holidays IT managers need to be extra vigilant.

2. Protect dormant accounts - one of the easiest ways to compromise a system is using account details (internal or online) of an absent team member as there will be a much lower chance that malicious activity will be observed by the end user. You can minimise risk by ensuring that user accounts have appropriate entitlements and you have considered your approach to consolidated log and security event monitoring.

3. Don't advertise that your staff are on holiday - discourage employees from broadcasting on social networks such as Facebook or LinkedIn that they're on holiday. 'Out of office' messages should only be sent to internal colleagues or to contacts that are in the user's address book.

4. Don't share login details - Restrict staff members from sharing their login details with colleagues or temporary workers who are helping over the holiday.

5. Set time limits on special access privileges - if someone is given temporary access rights due to staff absence you need to be careful with subsequent cleansing of such entitlements and entitlement creep. Make sure you remove excess privileges when they are no longer required.

6. Secure remote worker authentication - ensure that all laptops are secured with two factor authentication and appropriate end-point security solutions. Smartphones, such as BlackBerrys, should have appropriate security controls such as password protection alongside management features, including remote wipe and lock. These measures should always be implemented especially during the summer season when staff can be less vigilant when working remotely.

7. Ensure robust end-point security for remote workers - laptops not connected directly to the company network will miss out on critical patches from the system administrators, but will often be used in vulnerable environments - for example, being connected to open wi-fi in airports and cafés. This means they could bring back more than they bargained for when they re-connect to the work network, so end point security must be up to date and robust enough to ensure remote machines are not compromised.

8. Watch out for increased web use - over the holiday season the workload of many staff (not working in IT!) is likely to reduce so staff remaining in the office may have more free time to surf the internet for non work-related sites - which are more likely to be compromised. As such, this is a good time to check that security managers have in place comprehensive networking monitoring systems and that all browsers and OSs are properly patched.

9. Be vigilant on payment processing - as with other departments, payment processing over the holiday period may not be as robust due to staff holidays, so potential fraudsters will try and use this loophole. Fraudsters often attempt to receive payment for fake invoices.

10. Switch off unused PCs and routers - not only is this good from an energy saving perspective, but switching off unused resources will eliminate their potential to be used for malicious activity.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo