Sometimes I feel like my job is to be the “non social media” guy. When I write posts about non-marketing topics, like security, I feel lame. However, I know that there are a number of topics important to growing businesses, such as security, that you tend to ignore and not think about.
AVG Technologies reminds us that while it’s important to security such as passwords, back and recovery and other more obvious solutions, you must also remember to lock any back doors that could be open to online criminals.
In Big Momma’s House, why did Martin Lawrence dress up as Big Momma – to be “under cover” and sneak in. Well if criminals can access your data through a back door, they will.
Here are 5 back doors you should lock.
Door #1 – Social Networks and Community Bad Spirits
Most social networking activity is concerned with community spirit and sharing of a wide range of data including documents, music, video and links.
The biggest problem here is TRUST. People trust people that they know, or that they think they know. This means that users are more likely to click an infected link if it comes from a trusted colleague or friend.
Beef up your security policy, only 23 percent of companies have any security policies in place that specifically address social media. Offer staff some guidelines to keep them and your company network safe.
Door #2 – Instant Messaging and Spam Chat
Viruses and other malware can be hidden in files sent via Instant Messaging (IM). Introduce policies that educate and control the use of IM. One important step is to ensure that user’s emails cannot be easily identified by their IM username and some IM services link your screen name to your email address when you register. Having your email address so readily available is bound to increase spam and phishing attacks.
Door #3 – Insider Threats: Right Under Your Nose
While companies might rightly be concerned about outsiders breaking into your company network, employees pose a similar or even greater threat.
Staff are in fact responsible for introducing the majority of malware onto company networks. You may want to consider running additional background checks on IT staff in responsible positions before hiring them. The best advice is relatively basic – trust your gut feel, educate staff on keeping their data and network safe and enforce a robust internal security policy combined with a security audit.
Door #4 – Don’t Lose Remote Control
While preventing staff from leaking malware into a business has its challenges, staff that are allowed to access the company network remotely are even harder to control. Allowing staff to use their own machines for work increases the risk that malware may get inside the company network. An obvious way to close this security hole is to prevent staff from using their own machines.
There are other ways around this such as using virtualisation technology to create a virtual safe-zone within your hardware – like an embassy in a foreign country. However, it is arguably simpler and more effective to establish a strong set of security controls that ensure all staff only use company hardware with anti-virus controls and subject to updates and audit procedures.
Door #5 – USB Sticks
USB sticks are particularly good at spreading malware. They appear innocuous compared to a laptop or smartphone but can hold several gigabytes of code – some of which may be malicious. Allowing employees an unchecked option to insert these into company computers is an unnecessary risk.
Removable devices can be automatically checked using AVG software or users can choose to run a manual scan before accessing any of the files on the stick. Business owners should also create policies to keep personal and business drives separate on any machine.
Email-equipped smart phones poise similar risks to company networks as desktop computers. Smartphones can help spread malware onto other susceptible devices on the network and hackers have been known to use text messages to guide unsuspecting users onto websites containing infected code.