Month: November 2016

System builders must look at security

What is a system builder?

A person or a group of people who are building a computer program, website, server or a network for either their own company or a customer.

What type of security problems could there be?

Access is the major security problem that could be taken advantage of. Access to files, access to directories, access like this, must be locked down to specific users. Depending on the system, for example, a website can have folder security enabled to stop anyone going to thecomputersaint.com/blahfolderthatdoesntexist if there were secure documents in there then it’d be a first step to ensure they were not able to be stolen / downloaded.

The obvious security problem is when people access your data, files, pictures, memoirs or any file that could be sensitive.  The data they pull from that file could be used in a negative way. Especially if it matches up with some information they gleaned from social media accounts.

Who could take advantage?

Someone who is looking to attack you electronically, maybe they are looking for a password to an email account. Maybe they’re looking for information to gain a better understanding of what you do. Perhaps you work for a company where their data is commercially sensitive. If the competitor got their hands on the data, it could spell disaster for your company if the competitor got your information and could get to market before your company.

Maybe your company has an old server no-one looks after. You might have 30 old employees with active accounts after years. 29 might not use them but the 30th might want to log on and take data that they’re not allowed access to.

 

How to stop them?

Access must be controlled with a username and password. That is the first step in securing data. That password must not be written down and must not be shared. Change the password every so often, your own password policies should be every 30 days – 6 months. Use a secure password, check out our other blog posts for how to choose a secure password.

Keep track of old user accounts to files and change passwords to VPN’s or old user accounts when someone leaves the company. Make it policy, don’t let staff get complacent.

Do you need that old file in that location? Why not move it once it’s not needed or delete it. If you have a lot of files that only 1 person or a group of people need access to then maybe have it on small NAS box or its own LUN on the SAN, this is so Finance can’t see Design’s files and Design can’t see the Finance files.