Passwords are no longer enough...

If 25 per cent of UK and US office workers just need to be asked by a colleague to give up their password, anyone wishing to use social engineering to gain network access they should not have will not have to try very hard.

Delegating work is another common reason for password sharing, but password sharing need not be a requirement for delegation, and preventing it does not just come down to educating staff.

By using technology to help people adhere to the policies too, you can stop staff who will try to break the rules.


A large enterprise problem

Insider threats are naturally more of a problem for larger organisations: the greater the number of employees, the larger the base for a potential breach.

Concern about the issue is growing faster in larger organisations too: 38 per cent of IT professionals in organisations of over 250 employees told us they have become more concerned in the last 12 months, compared to 17 per cent for those of 250 and under.

This is a natural trend of course, as the more employees your organisation has, the greater the statistical likelihood that some of them are unhappy, and the harder it is to manage issues such as password sharing.

The larger your organisation, the greater the importance of implementing a 360-degree security policy that addresses both internal and external threats, and of being transparent about what risks your policy is mitigating - so that you can ensure access control is fully monitored and employees fully understand what your policy is set up to prevent.


What can IT pros do?

It is human nature to see external sources as your greatest threat, and that, coupled with the fact that insider threat is a complex issue to manage, has led to IT professionals seemingly turning a blind eye to the issue.

But the facts show that there is a requirement for IT professionals to grow their understanding.

There are measures that can be taken to address internal threats via technology, but it is also a cultural issue. The best approach to mitigating the risks is to tackle them from both sides, leveraging technology but also taking steps within the organisation to better educate users and help them to understand policy. User education is key, so your security policy should be easily accessible to everyone. Beyond this, though, we all know that security policies can sit on an intranet or file network and be ignored, so use technology to set up user notifications that remind users of specific policies and why they exist - be transparent.


Active Directory: the facts

As mentioned, one step towards mitigating password sharing is preventing concurrent logins.

However, in the native functionality of Windows, the most commonly used operating system in businesses across the world, there is no way to limit a given user account to logging into only one computer at a time.

But good security software can help prevent the same user from being logged on from different devices or locations at the same time.

In our research it was rather shocking to find that those IT decision makers who are using Windows, and its directory service, Active Directory, are confused as to its network management capabilities.

Sixty-nine per cent of respondents are under the misapprehension that it enables the management of concurrent logins. Although it is technically possible to view concurrent logins, using custom scripts, it is not possible to limit or prevent them in a secure or effective manner.

While it provides basic user security, checking that the credentials supplied match user profiles and opening up access to resources, it does not authenticate the credentials, which is needed to ensure the user really is who they say they are.

Of course, technology alone can only mitigate the risks so far; a truly effective approach must educate users and address the cultural issues.

By raising awareness of the risks of insider threats, IT professionals will increasingly understand the importance of network access monitoring and IP access restrictions via technological solutions in order to better secure business networks.
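
The point made under "Active Directory: the facts", that custom scripts can view concurrent logins but not prevent them, can be illustrated with the following Python script. It is an example added here, not code from the article or from any vendor's product. It pairs Windows Security logon events (ID 4624) with logoff events (4634/4647) and reports accounts with interactive sessions open on two machines at once; the record layout, user names and host names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

LOGON = 4624                 # Security log: an account was logged on
LOGOFF = {4634, 4647}        # session ended / user-initiated logoff
INTERACTIVE = {2, 10}        # logon types: 2 = console, 10 = Remote Desktop

def find_concurrent_sessions(events):
    """Return (user, open_host, new_host, time) for every interactive logon
    made while the same account still has a session open on another host."""
    open_sessions = defaultdict(dict)   # user -> {(host, logon_id): start}
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        user = ev["user"].lower()
        key = (ev["host"], ev["logon_id"])
        if ev["event_id"] == LOGON and ev.get("logon_type") in INTERACTIVE:
            others = {h for h, _ in open_sessions[user] if h != ev["host"]}
            for host in sorted(others):
                findings.append((user, host, ev["host"], ev["time"]))
            open_sessions[user][key] = ev["time"]
        elif ev["event_id"] in LOGOFF:
            # A logoff record that was never written leaves the session
            # open here, so treat findings as leads to confirm.
            open_sessions[user].pop(key, None)
    return findings

def _ev(time, event_id, user, host, logon_id, logon_type=None):
    return dict(time=time, event_id=event_id, user=user, host=host,
                logon_id=logon_id, logon_type=logon_type)

# Constructed sample records (hypothetical users and hosts), standing in
# for events exported from several machines' Security logs.
SAMPLE = [
    _ev("2014-03-03T09:00:00", 4624, "alice", "WS-01", "0x1a", 2),
    _ev("2014-03-03T09:05:00", 4624, "bob", "WS-02", "0x2b", 2),
    _ev("2014-03-03T09:10:00", 4624, "alice", "FS-01", "0x3c", 3),  # network logon, ignored
    _ev("2014-03-03T09:30:00", 4624, "Alice", "WS-07", "0x4d", 10),
    _ev("2014-03-03T10:00:00", 4634, "bob", "WS-02", "0x2b"),
    _ev("2014-03-03T10:15:00", 4624, "bob", "WS-03", "0x5e", 2),
]

if __name__ == "__main__":
    for user, first, second, when in find_concurrent_sessions(SAMPLE):
        print(f"{when} {user}: logon on {second} while still on {first}")
```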


www.isdecisions.com NETCOMMS europe Volume IV Issue 3 2014 31

