Hi everyone!
I would like to share with you article about Cyber security.
There are many cyber crimes witch was reported. In 2001 when
there was 17,8 million attacks, did you it could be increase to 800 milion in
2014?
It is very importat think, to wondering about security in
your company. Dp ypu think that is connect only for big companies?
Have you got any of that strategies for protecting your
company?
- SSL certificates
- Two-factor authentication
- Hire the right people
In my company we have many cyber security preventions like:
IPS, Firewall, SSL certificates of servers, two factor authentication for users
and policy to manage users passwords.
Do you have this same security level in your company?
I think security is as important for small companies as for big ones. Of course it's easier to achieve high level of security if you have enough resources, but if you are well known company you are even better target.
ReplyDeleteLook at Sony:
https://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack
About strategies, you can build a lot of firewalls, apply SSL, two factor authentications and still got hacked. You can have best employees and still got hacked if one of your users write their password on flash card or something like that.
I have pretty tough security policy in my company, and to enforce it we are spending a lot of money and time to apply it correctly. You need even more time to teach your users what they can do and what they can't.
Hi,
ReplyDeleteI think that choice of security tools depend on company profile. If you run a company providing some services and you have only a simple website do you really need two step verification or SSL certificate? But making sure people have access only to stuff they really need is always a good idea.
In my current company we use SSL and multi layer authorization with Access Control Lists. We have a network behavior analysis system and network based intrusion prevention system, I suppose there is also a firewall set up, but to be honest I'm not responsible for security assurance and I don't know the details.
The last advice on the list is ridiculous, I wonder how the author defines the "right people" and how does he check if a particular applicant is "right". I'd rather hire someone having desired essential skills and told him to follow security policy and best practices than follow my intuition.
Hi
DeleteI agree with that sentence that user has to got only to stuff that they really need. But it is clear.
I have to agree with Mikolaj regarding It always depends on the company profile, business goals and simply the cost company is willing to pay to implement certain security features of policies.
ReplyDeleteThe company I work has implemented and applied all these security levels. But again, this doesn't guarantee that no information will leak. The weakest element of the security chain and root of most security breaches turns out to be human behavior (or should I say misbehavior).
Security is quite expensive. At least when done right. I don't really think small companies can afford to "hire right people" when it comes to IT.
ReplyDeleteTherefore the sad state of affairs is, most of companies are totally vulnerable. Some of them try to fix that by acquiring "security tools" like Norton Security or Symantec Endpoint Protection. But it is nothing but false sense of security.
I am quite convinced that startups and small businesses really need not just security suites, but also trusted advisors.
Sorry, my private message to the guys who are actually scanning the Internet for such posts: I am talking to you, wise guys, go to Tristan and make him talk to Mike. If he's interested in saving the company your new, fantastic strategy has to take small companies (and consumer) ignorance into account. Your current tools are inadequate.
I agree with the opinions that companies need to adapt security policies to help them achieve business goals. For security reasons I can't say anything about technology used in my company. Yeah, probably its hard to belive but I read our security policy. Security ways mentioned in the article are fairly common and used in most businesses. The hardest thing in my opinion is to find and hire right people. Not only because of security reasons but efficiency reasons too.
ReplyDeleteHi,
ReplyDeleteIn my company we have a SSL, Firewall, policy change passwords and etc.
In my opnion company need security policies to help achieve business goal, but the best security policies may not be enough because if will be error in the application that allows you to reach data from any point company can't secure his data. In other hands if we have a small company , it is very hard to adapt security policies because it is very expensive.
That is correct - it is so much expensive. But we have to use the most security polices if we would like to be sure that we do what we can to secure our data.
DeleteCyber security is very important branch of business nowadays. Every company (not only IT) are more and more based on computers. The data that they are holding are often very sensetive. It is important to protect them properly and this is become much more difficult thing than in the past.
ReplyDeleteUnfortunatly the biggest issue of IT security is the human element. In most cases the biggest problem are the people that are working there. They are creating vulnerabilities. We need to educate more about the security, this investment will be much more effective than adding new firewalls
This is very important topic for every one of us, not only for IT workers. I must say that I was doing projects for some companies and every company had Firewalls, IPS,SSL and more of this very expensive equipment, companies like to spend a lot of money for this kinds of toys. There was a little problem in this kind of attitude, their employees do not had any qualification to configure this kind of devices (and this is companies fault, they thought that proper devices configuration is trivial and they did not provide any training).
ReplyDeleteSecond very interesting thing is password policy, in some companies it's real pain in the ass, but on the other side you have coampanies where your password never gets old.
So it's like Dawid said "the biggest issue of IT security is the human element" and I totally agree with that.
I agree with you Tomasz and Dawid. That is very important to secure human thinks. If you are IT guy You have to do not believe users, you must check that :)
DeleteYour biggest risk might not come from a malicious hacker. The threat could instead result from habits and behaviors of your team members. That is why it is essential to put in place clear policies governing the use of devices, software updates, access to public Wi-Fi, etc.
ReplyDeleteThese policies must be drafted in clear language. Employees must be formally trained on these policies and they must agree to comply in writing. Then, these policies must be applied. That is when the manager specializing in cyber security comes in.
Cyber Security in my opinion is the most important thing for everybody who uses networks and IT technology in work and at home. I reckon that in the modern world the most important issue is the data. individual people who use digital data very often collect it in their computers or tablets or smartphones only in one, unsecure place and they don’t think the data may be lost in some way. In my life I often must help people recover their data after being attacked by a virus or other disaster. I think in schools or at work we don’t talk enough about cyber security. The same situation is in company, especially in small organization without typical IT division. People who at home don’t use cyber security software often don’t care about the data in work also. This is very dangerous for a company because security failures occur. According to the information described in ” Practical Strategies for Enhancing Your Company’s Cyber Security” every next year will be more and more dangerous for each company.
ReplyDeleteIn my organization we consider cyber security very seriously. We use the Internet only for unrestricted information. For confidential or secret information we use physical separate networks with many security levels. Every workers must have a security certificate who is published by security services.
Every tech company needs to think about security. I agree that SSL certs and two factor authentication are essential. Though when it comes to hiring it's not that easy to find the right people.
ReplyDeleteI think that usually companies start to invest in security once it's too late - after some serious incident occurs. As it was stated earlier, the main problem is usually lack of education and not following the security procedures.
That is correct - there is some kind of saying that we can adaptive to security:
DeleteThe people are divided into those that do backup and those who are going to do it :)
I agree that security policy should depend on the profile of the company. Small business are usually much less at risk of data leak etc. so they are also much less willing to pay for their cyber security. I think it is important in every discipline to hire the “right people” and every HR department is doing it’s best to do so : )
ReplyDeleteThat is right - Unfortunately :(
DeleteI am really very ignorant on this subject. Before answering and making any sense, I need to read a couple of books first. So, I am going to reserve my opinion for the moment.
ReplyDeleteSecurity problem is very common nowadays. Unfortunately, not every risk can be covered by good infrastructure and/or experienced administrators. The end user is a weak point in every system. Besides long and complicated security policies we have to educate employees which are less aware of IT risks. Example of a unique case is our university, we have hundreds students and dozens of administrative staff to take care about. While educating people hired is not so complicated and sound reasonable, try to imagine how realize this task in case of all students.
ReplyDeleteOhh it will be very complicated. But you are right - that educate the user must be one of major thinks to do by good IT administartor.
DeleteCyber security is very important PART of the business. We have to protect our data using most of available solutions. As I told in my previous comments human errors are weak point of security. You can not protect your organization without security policies. Tools like SSL, antiviruses etc are installed and configured.
ReplyDeleteEmployee is important element of the chain. People are looking for workarounds inside corporation, which facilitate cyber attacks.
ReplyDeleteI am really sorry but I will not talk about any cyber security strategies in my company. I think that talking about cyber security in any company is not in accordance with basic security guidelines.
Of course there is a basic set of the cyber preventions in every company. However, I believe it never a good idea to talk about it in reference to a particular company.
Besides, I have seen medium/small enterprises which use dropbox as a point of file sharing or any other services. It is not a good idea to keep there your know-how or sensitive data.
I am not sure if the medium/small enterprises are not aware of the consequences of poor cyber security strategies or they just cannot afford it.
Cyber security is one of the most important parts of the business.
Security is very important issue nowadays. In many companies data is the biggest value and losing it can bring huge losses.
ReplyDeleteAs it was already mentioned in previous comments there are to main sides of it: one is tools and strategy and another is people. Company can apply complex and expensive security solutions, but without well educated and aware employees it wouldn't work efficiently.
This comment has been removed by the author.
ReplyDeleteI saw it a lot of time. Security was every ware. There was two-step authentication, SSL, VPN, IPSec, computer that locks every couple of minute. Everything has to be according to the company policy. (I wonder if anyone ever read that. It usually has more than 120 pages long).
ReplyDeleteI call it "security through obscurity". Everything look fine but ...
Recently, in one company I found a WiFi network based on WAP. With the consent of the Security Officer in a few minutes I was able to look at the data being transmitted over the network. The company has invested a lot of money in security. Unfortunately, someone forgot about the upgrade of wireless controller.
Each system is as secure as the weakest component is safe.
Remember that each security system is only as secure as its weakest component.
Safety is important in large companies, small businesses and also in our homes. We can become victims for many reasons. Data from credit cards, documents, personal data are enticing to criminals. The number of attacks is constantly increasing. We have to protect themselves against attacks globally. We must keep our eyes open and minimize risk.
ReplyDeleteI won't speak about security in my company.
What a lovely evening with music and IT security related articles ;-)
ReplyDeleteIn my company we use all mentioned in the article strategies. But I agree with Marcin Krysinski that "each security system is only as secure as its weakest component.". I won't tell you what is ours ;-)