We do a lot of IT security reviews for a lot of businesses, where we take an independent look at any potential risks. Most businesses put serious effort into protecting their data and networks, but our security specialists report a few frequent security flaws that it is worth taking note of.
If the nature of any IT environment is to change and adapt, then it would be fair to say that security cannot be a static solution. Indeed, we have written about the need for every organisation to make incremental transformations that give them competitive advantage, make them more competitive, or increase efficiency.
Even small changes can make a difference to security, though. If you’re working with a good technology partner, you will see them mention security in even the smallest of proposals, and this is for good reason. Even one new app could include code that carries risk.
If your users work on their own devices, they will inevitably have downloaded apps onto those machines. Most are probably safe, but nobody should ignore the possibility that the children’s cartoon app a user downloaded to amuse their toddler could contain more than just cute animations.
This doesn’t have to cause dramas, and there are a few approaches the IT department can take to make sure the environment is secured against any associated risks. A few vendors have software solutions specifically designed to make BYOD more secure – IBM’s MobileFirst Protect is a good starting point.
Since not all security issues are caused by shadowy strangers, managing risks closer to home is important. This can be as simple as limiting the number of colleagues who have admin rights to machines, or working with HR to tighten up processes around departing staff members.
For many IT professionals, it can still be hard to convince those doling out budgets that risks exist. Realistically, even obscure businesses can be a target for today’s organised cyber criminals. Indeed, a number of high-profile breaches have occurred via the access of low-profile contractors. Often a part of our security assessments involves equipping the IT team with information that helps non-technologists to better understand current security trends.
Finally, one of the best pieces of advice from our security experts is to avoid complacency and test, test, and test again, preferably backed by scheduled independent security audits. Often we can suggest free or low cost actions our customers can take that quickly improve their security. Most call us for a chat from time to time, and we are always happy to keep customer up-to-date on the latest security information.
For more about managing risk, or to be informed of upcoming security-related events in your state, contact our friendly Computer Merchants team.