Corporate information is on the target list of cyber criminals.  Just recently, a  hacker group is brazenly ramping its antics through cyber attacks targeting even the US Central Intelligence Agency. This exposes how poorly defended many networks are against Internet marauders.

Cyber criminals capitalize on social engineering techniques to break the weakest link in information security structure, the corporation’s employees. The recent fake Bin Laden execution videos on Facebook is an example of cyber criminals using the social medium as a means of attack. These attacks employ social engineering tactics that trick people into clicking links that directed to malicious websites and software.

Conventional security software are designed to guard outward, with very minimal security measures in place to prevent data loss from the inside.

Employee activity is therefore very crucial. Confidential information, from personal banking credentials to management plans to in-office politics, can be leaked if workers are not careful with what they share online.

Cyber criminals can piece together data from information uploaded by employees in these sites to create convincing ploys that would eventually give them access to vital places inside the network. This can potentially lead to information theft through malware attacks or data leaks endangering company trade secrets.

Cyber criminals may gain access to sensitive corporate data if an unsuspecting employee executes a malicious script sent via their email or social networking accounts. This problem is exacerbated by the increased use of mobile devices such as tablet PCs, laptops, netbooks, and smartphones in the workplace, plus the employees’ unofficial use of the corporation’s Internet.

The easiest solution for a corporation to prevent attacks is restricting employee Internet access.

In other cases, policies even go as far as disallowing workers to use their mobile devices in the office.

Though these solutions seem simple and foolproof, these actually hinder growth and performance in the long run as social networking sites can provide direct access to targeted customers and clients to foster lasting relationships with such clients, who use their own social networks to promote/recommend certain services.

Instead of limiting social networking use, it is recommended to go through the holistic approach of automated security and workplace computing policies to keep the workplace safe from data breaches and leakage.

Here are some recommendations on how to secure social network use in the office against malicious attacks.

• Allow employees access only the information or resources necessary for the tasks assigned to them.

• Create comprehensive yet flexible policies and restrict access rights that will govern the use of portable devices and social networking sites without hampering employee productivity.

• Educate employees on the impact of data leakage through orientations on email handling, file sharing, mobile device usage in the work context, and how employees should conduct themselves on social networking websites

• Back up all important data in case the system is ever compromised. Company programs, applications, and operating systems must be patched regularly to avoid having vulnerabilities which cyber-criminals can exploit.

• Install security solutions that can secure company data at all ends, but also helps lower operations costs and cuts down system complexity. Security that supports compliance with industry regulations by implementing controls for protection, visibility, and enforcement.

• Re-evaluate current security software. The in-place security solution should be able to provide real-time 24×7 network monitoring without burdening the system’s performance.

• The security software must be able to scan, monitor, and encrypt private data in endpoint input and output devices, as well as defend all possible network channels, blocking unauthorized data transfers through email, HTTP/S, FTP and instant messaging. Then, notify employees of potential risks.

Full Time Employee OutsourcingWe make sure your work data is protected by the best security available.
"Preventing Security Breaches in the Workplace." 17 June 2011. 
The Manila Bulletin. Accessed 18 June 2011.  Link Here.


You must be logged in to post a comment.

Recommended Providers

Recommended Articles

Ask the Expert

Please click here or send an email to jeff@outsourcing.ph with your questions about outsourcing.