One of the biggest threats to security occurs when managers access their corporate systems from remote PCs, which may or may not be secure.
Currently, we are recommeding that employees of our larger clients use an IRONKEY usb flashdrive with hardware security and 128 digit encryption to initiate all remote accesses.
Why?
"It starts with the onboard IronKey Password Manager. As you visit your online sites, the Password Manager will ask you if you want it to remember your usernames and passwords. These are then stored with hardware encryption on the IronKey drive.
When you wish to log back into one of your accounts, the Password Manager compares the website that you are visiting with the website where you originally entered your password. If they match, the Password Manager enters your password for you without you having to type it in. If they do not match, then you may be on a phishing site, and the Password Manager will not enter the password for you.
This gives you simple but effective protection against phishing attacks and spyware that tracks your keystrokes."
Wednesday, October 31, 2007
Tuesday, October 30, 2007
IT Security - External Threats #1
Recently we reviewed the IT security systems for a publisher, who shall remain nameless, that had just undergone an audit by a CPA firm. The CPA firm overlooked a major hole in the publisher's management information system (MIS) security.
In our experience, 95% of security threats are internal (employees of the company) and 5% are external (hackers, viruses and worms).
ERP solutions, that store data in encrypted files are relatively secure against external threats provided that the external threat (i.e. hacker) can't gain access to a user id and password that allows access to the system and the user id that allows access to the ERP software.
At this publisher, we found that although the internal systems were secure managers who accessed the system's web site interface remotely were often doing so via systems that had expired internet security and firewall software or in two cases had turned off the security software on their laptop (as they said that it slowed their internet access).
With the security software on the external laptop turned off or expired, it would have been relatively easy for a hacker - perhaps using keyboard logging software - to obtain a copy of the user's userid and password as he entered it.
IT managers need to review and secure external internet access with an integrated set of policies, procedures, software and hardware designed to protect the company's property and customers.
In our experience, 95% of security threats are internal (employees of the company) and 5% are external (hackers, viruses and worms).
ERP solutions, that store data in encrypted files are relatively secure against external threats provided that the external threat (i.e. hacker) can't gain access to a user id and password that allows access to the system and the user id that allows access to the ERP software.
At this publisher, we found that although the internal systems were secure managers who accessed the system's web site interface remotely were often doing so via systems that had expired internet security and firewall software or in two cases had turned off the security software on their laptop (as they said that it slowed their internet access).
With the security software on the external laptop turned off or expired, it would have been relatively easy for a hacker - perhaps using keyboard logging software - to obtain a copy of the user's userid and password as he entered it.
IT managers need to review and secure external internet access with an integrated set of policies, procedures, software and hardware designed to protect the company's property and customers.
Subscribe to:
Posts (Atom)
Posts
