Security Challenges


People Problems

Security isn't just about technology; it's about human resources. There's no point having a great security policy in place if people ignore it, and the technology won't be any help if you've left an important server and the data it contains in an unsecured ground floor room, not monitored by security guards or CCTV cameras. Furthermore, how well does your organisation vet prospective employees or contractors? Your network perimeter security may be robust, but can it protect you against rogue cleaning staff with physical access to your systems?

Unless you're relaxed about people wandering in and out of your offices as they please, there's a need to formalise procedures for chaperoning visitors to your premises, especially if they are anywhere near desktop computers that might be used to access electronic data, or paper storage facilities. One company called us in to help after a week's worth of unencrypted data back-up tapes were stolen from an open plan office where they had been left unattended. We were able to show them how to encrypt the tapes in future, and advised them on changing their back-up tape storage procedures, including keeping the tapes off-site.

There should also be guidelines in place that govern the parts of the building that contract staff are allowed to enter. Sometimes the procedures for staff leaving the company, or for new staff on probation, can create security problems. Examples include leaving security clearances in place for too long, not deleting the user accounts of former employees, or allowing a new member of staff too much access to sensitive parts of the computer network or office space. There should also be guidelines in place to mitigate the threat posed by removable storage devices such as USB keys, PDAs, iPhones and iPods, all of which enable the transfer and storage of increasingly large volumes of data.

Staff need to be trained to understand the importance of security and of taking the security policy seriously. There should be guidelines for choosing and changing passwords, for locking workstations containing sensitive data when a member of staff leaves their desk, and for destroying confidential paper-based information - and these guidelines must be enforced. This doesn't mean the organisation has to operate as a police state, but it does mean adopting a sensible approach to security.

Finally, it must be made clear that email and internet usage policies are not there to annoy staff, but to protect the business (and them). Despite seemingly endless amusing and horrifying tales about what can happen when the wrong email is forwarded to the wrong person, too many staff still fail to realise the potential damage email misuse can cause.

To find out more about how our consulting services could help your organisation address these issues and reduce business risks, visit our physical security page.

How we can help

We are an independent security consultancy, specialising in both technical security and information assurance services.
