Virtualization Technology News and Information
Article
RSS
Shark Week: 6 Tips to Secure Your IT Tackle Box

shark-6tips 

Article Written by Erik Brown, CTO at GigaTrust

Scientists recently dispelled the myth that sharks attack humans because they mistake them for other prey. In fact, sharks can see clearly below the murky waters. But, it's not as easy for victims of phishing attacks to see what's lurking behind an attached document or link within an email.

Email is the lifeblood of communications for organizations around the world. Among the 296 billion emails sent daily, there are dangerous emails lurking within. A successful email attack can cost companies as much as $4 million per incident. In honor of Discovery Channel's upcoming Shark Week, let's look at what these dangerous and misunderstood creatures can teach us about email and document security.

Beware of Phishing Attacks: Phishing attacks use "bait" to catch their victims and can cause significant damage. The 2016 DNC Hack, for example, was a pretty large bite: a leak of 19,252 emails and 8,034 attachments. Like a good fisherman, organizations should test their lines in advance by training their employees and conducting mock attackts. To minimize the damage of a leak, a security system that enables encrypted email and security document collaboration should be considered.

Know the Landscape: There are over 400 species of sharks wordwide, and 2016 had a record number of shark attacks and bites (107). Just as most beaches are safe, emails are a common part of business and are generally benign. As vacationers flock to beaches this summer, they should swim with confidence yet be aware of their surroundings. Don't venture into deep water alone, and use the buddy system to keep track of your family and friends. Employees should send and read their emails with confidence as well, and have the ability to secure critical (deep water) emails sent both inside and outside the company. A secure collaboration system that provides anyone-to-anyone secure document sharing can ensure that critical content is protected from harmful attacks.

Confidential Documents are Blood in the Water: Sharks have a very acute sense of smell and detect injured creatures from miles away. They prey on a variety of sea life and their attack can be swift and vicious. Hackers send phishing attacks across an entire organization and when they detect an entry point, they pounce. When employees email confidential documents, the sensitive information can fall prey  to these attacks and cause massive damage. Enterprises can further improve security by encrypting confidential information on disk (at rest), during communication (in transit), and while viewing and editing (in use).

Just Keep Swimming: Some species of sharks have to move constantly to survive. Hackers are constantly growing new teeth in the form of ever more sophisticated attacks, so IT administrators should stay on top of the latest security news and threats.  Applying security updates and evolving enterprise systems will help stay ahead of possible attacks.

Analyze the Depths: A shark's body is supported by cartilage rather than bones, which helps them swim comfortably at multiple depths of water., Security professionals can get comfortable with the information they track, but hackers are swimming at multiple depths. Look for ways to gather and analyze new types of data to help detect malicious activities. Tracking the movement of and interaction with confidential email and documents is one way to gain insight into behavior across an organization. This and other behavior analytics can alert administrators to suspicious activity when an attack is in progress or before it really begins.

Layers of Personalities: Recent studies have indicated that sharks can have distinct personalities. Good fishermen know this. They ensure their bait and tackle is ready; they know which type of bait will lure different fish or sharks; the understand the strength of their lines and tackle. Enterprises also need to be prepared to protect their employees and information, especially as corporate data is increasingly accessed by remote employees and contractors on mobile devices. It's virtually impossible for an enterprise to oversee the security and usage of every access point into the enterprise, and breaches can happen when individual files are viewed or shared. Adopting a layered security approach that considers different entry points and scenarios provides broad protection for the organization. While preventing attacks is the best option, be prepared to detect and respond to possible attacks that your prevention systems might miss. If a hacker gains access to critical internal systems, is the organization prepared?  Is data secure and access restricted within the corporate network?

IT professionals navigate a sea of potential threats, and they never know when a shark may be lurking just out of sight. The ideas presented here will help enterprises prepare for the hackers (sharks) that may be swimming in your part of the Internet.

##

About the Author

Erik-Brown 

Erik Brown joined GigaTrust in 2017 as Chief Technology Officer where he is responsible for the IT, engineering, and customer service functions.  He has over 25 years' experience working with new and emerging technologies, most recently with mobile development. Erik's career includes technology positions in successful start-ups and Fortune 500 companies. He has worked as a developer, architect, and leader in mobile development, digital imaging, Internet search, and healthcare. He also brings his experience with patent development, and as a technical author and conference speaker to the company.

Prior to joining GigaTrust, Erik served as an Associate Vice President, Innovation and Delivery Services in Molina Healthcare's IT department where he oversaw a team of 40 people focused on improving and standardizing the use of new technology. He spearheaded the development and deployment of Molina's first mobile application for home-based assessments, and created an internal Incubator program for identifying and funding new ideas within the IT department. Erik also worked as Program Manager and Architect in Unisys Corporation's Federal Systems group as well as at several successful start-up companies, including Transarc Corporation (purchased by IBM in 1994) and PictureVision, Inc. (purchased by Eastman Kodak in 2000).

Erik is the author of two well-received books on Windows Forms programming, and has spoken at numerous conferences including the 2014 mHealth Summit. He is a graduate of the Society for Information Management's Regional Leadership Forum, and is a certified project manager and scrum master (PMP, PMI-RMP, CSM, and ITIL). Erik holds a BS and MS degree in Mathematics from Carnegie-Mellon University.

Published Monday, June 26, 2017 7:05 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<June 2017>
SuMoTuWeThFrSa
28293031123
45678910
11121314151617
18192021222324
2526272829301
2345678