November 2006 saw the launch of SC's Breakfast Briefings. Each seminar focused on different issues currently faced by security professionals and offered practical advice and useful contacts for the future to those present. Here we present the highlights of each event.
Remote working - In association with Boxing Orange
In recent years, mobile technology has come a long way, and it is now much easier for an employee to access the company network from outside the office. This trend has given rise to concerns over security threats and the protection of confidential data. As Matt Lawless (pictured), a managed services consultant at Boxing Orange, pointed out, a company's people may be its biggest asset, but they also pose the biggest risk.
"The most secure system you can possibly have is to not allow anybody on your network," agreed speaker Jon Kane, channel development manager at RSA. "It is only as good as your weakest point."
With ever more people accessing networks from outside organisations, or carrying confidential information on mobile devices, it is vital to ensure that your systems are safeguarded.
"People take these items home, plug them into other networks, then bring them back in to work and reconnect them to your system," said Niall El-Assaad, NAC product manager at Cisco. "While these devices are outside the office, they are no longer under your control."
Loss or theft of these devices is also something to think about. Last year saw many instances of confidential data falling into the wrong hands, with organisations such as Nationwide and even the police affected. This causes embarrassment for the companies involved, and can damage reputations and customer trust.
However, there are ways to minimise your risk when dealing with mobile technology. One is to ensure that all data is encrypted. Philip Watkins, business development manager at SafeBoot, recommended using hard-disk encryption. "If you lose your laptop, no matter what tools a hacker uses, they will not be able to access your data," he claimed.
Combine this with token support and your network will be better protected than when relying on passwords.
"Many people tend to use the same word or phrase to access multiple applications, without changing it on a regular basis," warned RSA's Kane. "That means somebody just needs to find out that one word to gain access to all parts of your system." The best alternative, he suggested, is to use a randomly generated pass code that changes around every 60 seconds. This, along with a personal PIN, should boost the security of an individual's login.
Creating a secure yet straightforward log-in procedure was also highlighted by Ray Smith, technical consultant, EMEA, at iPass. "One of the greatest challenges security professionals face is achieving the right balance between access and protection."
One of the recurring messages of the morning was that the people working remotely are not all likely to be IT professionals. That means it is important to keep things simple. Offer extra training to employees as required to maximise the potential of any security systems installed on your network.
As Lawless said: "We need to take the threats associated with remote working seriously. Forget the user at your cost."
Contact details: firstname.lastname@example.org, tel 0871 871 0067; www.boxingorange.com.