Network and online security make up a large and complicated beast. That’s the main reason that companies cringe at the thought of addressing their internal security policies and network infrastructure vulnerabilities.
Yet today, security plays a tremendous role in everything related to the web. Our lives are essentially put online, with nothing to stop someone from harvesting every detail about us. At the same time, companies are adapting hosted applications and cloud computing strategies, which make the security of their data and corporate information harder to protect.
Consider a recent example, where researchers showed that Cisco IP phones could be transformed into listening bugs. In addition, the right strategy could create a denial-of-service attack and take out a call center. Disgruntled employees or crafty competitors can easily use Cisco phones to eavesdrop, wiretap and more.
In addition, with social networking, hackers have more entry points to a company’s network. In the past, hackers would try to exploit a core service to gain access to a corporate network. They would look for the services that were running, and then try to break one of those services. For example, they might attack an FTP server and break it to gain access.
With social networking, hackers have adopted a strategy called “social engineering.” They reach out to users to obtain personal information, or they entice a user to click on a link or browse a specific web site. When the users takes the bait and clicks on a pdf, web site link or e-mail, the attacker gets the access they need. From there, the hacker can harvest user names and passwords, mine company databases or even steal call records.
These stealth attacks are difficult to protect against, for two reasons. First, they rely on the ignorance of users, who take actions that give hackers access. Secondly, they are stealthy. If a network is not properly guarded, the data theft may go on for some time before it is detected.
Unfortunately, most companies today to not practice good security. This creates incredible risk, which only increases as more hosted services, cloud computing strategies, and VoIP phones are installed. If your company relies on any of these applications – or plans to in the future – you must devise a solid IT security plan. Get ahead of the bad guys.
Not sure where to start? If your company relies on a technology firm that has installed your network, VoIP system or other applications, start there. Ask what options they have available, and how they can help you increase security at your company – today.