Don’t underestimate common sense in the cyber security world.

Introduction

I have said this a number of times in the blogs that I write. We still need all of the front-facing systems, as well as the other four pillars of the cyber security framework, but when it comes to cyber security, common sense is your best weapon. Not only will it protect you, it will also protect your friends, business associates and other members of staff.

For a business, this is what I am talking about:

Control BYOD, don’t let it control you.

With a little forethought, BYOD can be a great friend to all businesses. No one wants to carry around two of everything, so a compromise is that you use your personal items for business and get reimbursed for doing it. This is all well and good, but a business has to control this by putting in some caveats and restrictions.

These restrictions should cover the device types and models as well as the operating systems. So a business can say that it only supports the iPhone 4 with iOS 5 or later. If you don’t have it, then don’t expect to be able to use your Android or Nokia phone or tablet.

As a business, common sense should be used to ensure that you are not exposing business-critical information to the outside world, or making it easy for departing staff members to leave with your client list.

Mobile data – keep it secure (USB / CD versus secure transfer)

I expect to be challenged on this, but putting your data in the cloud is 100 times more secure than allowing users and staff to copy information to USB devices and CD / DVD. The amount of information that has been discovered in taxis and buses is incredible, and that is before counting that removable media is the easiest way for an insider to actually steal the information.

I recommend that no one within the office has the ability to copy information to USB or to burn a disc. There are a number of systems that you can use to secure your data in this fashion. Securing the information in the cloud is also a problem. I would recommend Amazon S3 cloud storage or Microsoft Office 365 if you have a need to store data in the cloud. Both of these systems can be locked down as required.

Newest operating systems and applications

When it comes to common sense, using the newest and greatest operating system and applications is very important. The threat landscape changes, and changes very fast, in today’s business. A security problem discovered on IE 9 will have been fixed and fortified in the next version.

This is where applying updates and patching comes into the cyber security problem. Making sure that all systems are up to date is more secure than not doing it.

Password

Not using “password” as your password is very important. A good password has the following characteristics. It has to be complicated, using letters, numbers and symbols, and should include a space. It has to be eight characters long, it has to be unique and it should be changed regularly.

Training

As a business, common sense should make sure that you are training your ill-informed, uneducated and innocent staff members and users. By educating them you protect them when they are doing things on the Internet, but you also improve your business security.

This education program will lift the level of awareness of your staff, and it can also be augmented with other education and training.

Check shortened URLs

This is a growing problem with social media, especially Twitter. Because Twitter restricts a message to 140 characters, a comment about a web site may need to have its URL shortened to allow it to be sent. This shortening of the URL means that anyone can be redirected to infected websites that will not manifest themselves till you are actually there.

In addition to this, links on web sites, social media pages and / or in email can also send you places that could cause problems. Use common sense to enforce this within your business.
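One way to see where a shortened link really leads before anyone opens it, as an added example that is not part of the original post: it follows the redirects with header-only requests and stops at a blocked host or an over-long chain. The function names, the hop limit and the `.example` hosts are assumptions made for illustration, and the sample redirect table is constructed.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumed limit; longer redirect chains are treated as suspicious

def head_location(url, timeout=5):
    """One HEAD request: returns (status, Location header). No page body is fetched."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_location, blocked_hosts=frozenset()):
    """Follow redirects hop by hop and return (chain of URLs, verdict)."""
    chain = [url]
    for _ in range(MAX_HOPS):
        parts = urlsplit(chain[-1])
        if parts.scheme not in ("http", "https"):
            return chain, "blocked: non-web scheme"
        if parts.hostname in blocked_hosts:
            return chain, "blocked: listed host"
        status, location = fetch(chain[-1])
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain, "ok"  # final destination reached
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    return chain, "blocked: too many redirects"

# Constructed redirect table standing in for the network (reserved .example hosts).
SAMPLE = {
    "https://short.example/abc": (301, "https://tracker.example/r?id=1"),
    "https://tracker.example/r?id=1": (302, "https://bad.example/landing"),
    "https://short.example/ok": (301, "/about"),
    "https://short.example/about": (200, None),
}

def sample_fetch(url):
    return SAMPLE.get(url, (200, None))

if __name__ == "__main__":
    print(expand("https://short.example/abc", sample_fetch, {"bad.example"}))
```

Called with the default `fetch`, `expand` makes real HEAD requests; the full chain it returns is what a mail or web gateway would log or show to the user.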

Using common sense can be a small but very important process in securing your business. It adds another layer to your business defence in depth, and it adds that split second of thinking between being secure and allowing an attack. Don’t underestimate common sense.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.
