Industry Update Issue 94 February 2017

Page 15

FEATURE: SECURITY

popular for small businesses, and the sheer amount of personal data stored on a portable device makes it a more interesting target. Portable mobile devices are likely to connect with more surrounding environments more frequently, and this has the potential to spread a virus quicker than a single attack on a server or single PC.

Just keep in mind when connecting a portable device to your local environment that malware and viruses can travel in both directions. So if a server or PC is compromised and you connect your handset, the infection can spread to the handset – and vice versa. In some cases a user who connects a device to the workplace can override security protocols, leaving the business at risk if the correct policies are not present.

Viruses, malware and trojans are becoming more sophisticated, hiding code so that scans and security processes see a file as clean even though it's actually harmful.

Most problems and hacks occur due to poor staff training and knowledge. So it is vital in any organisation to educate employees on the basic issues. Here are some tips:

1. Educate staff via workshop training programmes and policies (prevention is the best cure).
2. Don't jailbreak an iOS (Apple) device; this is a process that removes the integrity and security components of the handset.
3. Don't root (Android) devices as this removes the integrity and security components of the device.
4. Ensure you have a single unified security platform that is able to communicate across all devices. This reduces the risk of external viruses being introduced into the workplace environment.
5. Systems such as remote wipe functions for mobile phones and location services should be enabled. In this way, if a portable device is stolen or misplaced, you can delete the data so it doesn't end up in the wrong hands.
6. Ensure that a complex password policy is enforced along with an auto lock feature.
7. Consider your next mobile. Don't just pick a phone because of its design; think about the security components. One mobile to consider is the Blackphone 2 from Silent Circle.

Intellectual property

Intellectual property (IP) refers to creations of the mind, such as inventions, literary and artistic works, designs, and symbols, names and images used in commerce. It also includes information gathered by your company, such as your client database.

Most companies that contact us about intellectual property theft today are concerned about internal threats: employees who might take a company's client list with them when they leave. Although, that being said, this is more common in certain industries than others.

Another major issue causing clients to come to us is when they have been hacked. This is where your policy and procedures should have saved you! However, most companies do not enforce or have policies to protect their sensitive intellectual property. I'm amazed how many companies today do not have even basic policies in place.

Most small- to medium-size businesses believe they are doing the right thing by having some basic security software, and that this should protect them. As a minimum, you should have a backup policy (daily), perhaps an offline backup system, and passwords and/or encryption.

Think about minimising who has access to your client database. We understand that your staff may need client information to conduct their day-to-day activities; however, there are other alternatives. Logs and transfer details should be stored so that you can identify who transferred data, when, for how long and how much, during any employee login. If staff are aware that everything is logged and recorded, we dramatically reduce the risk of intellectual property theft from within.

If you need advice, systems, policies or staff training, feel free to contact Luke Athens.

International Intelligence Agency
1300 738 400
www.spy4u.com.au

the hundreds of gigabits per second – enough to bring down even the most robustly protected sites.

Cue the Internet of Things. And while the things are dumb, they can still be used to wage the war. Worse, because they are so dumb they have little or no security. The key culprits identified to date are surveillance cameras, baby monitors and digital video recorders, many of which come with security based on default usernames and passwords that is all too simple to exploit.

And this weak security has already been exploited by a piece of malware named Mirai, which is reckoned by now to have infected more than half a million such devices.

As the Mirai botnet of IoT devices grows, so the severity of DDoS attacks should grow. However, it does appear that this particular malware is becoming a victim of its own success. The source code for Mirai is freely available on the Internet, and now hackers are competing to recruit devices to their botnets.

But what is the motivation? Why do DDoS attacks happen? These botnets of infected devices are quite literally "guns for hire", and can be recruited to take down a competitor's online presence for a surprisingly small amount of money.

Many attacks, particularly those with a high profile, are carried out simply to show that it can be done. Some are more commercially motivated, either to take out the competition or literally for ransom. Others have been known to be even more nefarious, with the attack serving as a smokescreen to cover other directly targeted hacking activities.

Fortunately, the lessons appear to have been learnt to some extent, and each of the wireless technologies competing for the attention of IoT device developers comes with at least a rudimentary level of inbuilt security.

However, just as the need for data protection in the world of desktop computing gave rise to a whole industry of digital security, which shows no sign of diminishing in size or importance, it is most likely that securing the Internet of Things will prove to be another never-ending task.

INDUSTRYUPDATE.COM.AU
