Down the Dark Alleys of DataTECHNOLOGY: Experts Give Firms Self-Defense Tips for Network Safety Monday, June 25, 2012
Especially sensitive data may call for “two-factor authentication,” requiring a person to submit two forms of proof that they have permission to look at the data. This might be a password coupled with biometric information such as the user’s fingerprint.
Matteo displays a different security device used in two-factor authentication: A plastic token about the size of a house key. The device, from EMC Corp. subsidiary RSA, contains a liquid crystal display which shows a code number. The number changes every 60 seconds according to a mathematical pattern. To gain access to sensitive information, a computer user might key in their personal password as well as the number from the SecurID device.
Employ Basic Security Techniques: Businesses need appropriate electronics, such as a firewall or a universal threat management device, to make it harder for hackers to get in, said Luce.
“Next generation firewalls that are application aware are a great tool for businesses of all sizes,” Matteo said. These might uncover software that a computer owner was previously unaware of its presence.
And the computer infrastructure must be kept up to date. That includes applying software patches at regular intervals. “Doing it monthly is better than not doing it at all,” said Luce.
Luce also recommends protecting devices with difficult-to-guess passwords. Ideally these should include letters, numerals and at least one special character. “It is far more important than people think,” he said. Characters such as a percent sign or hash mark make a password “exponentially more difficult,” he added.
Have an Acceptable Use Policy: Free downloads of normally expensive software, free porn sites and emails from mysterious sources may double as delivery vehicles for malicious software. Employees ought to know what’s off-limits and what is imprudent to touch, several of the computer industry leaders said.
“Spending a little bit of time coaching employees on what’s acceptable and what’s unacceptable can be invaluable,” said Matteo.
Privately held Bird Rock Systems has eight employees and reported $6.2 million in sales in 2011, up from $4.44 million in 2010. It works with midsize and large enterprise users, including defense contractors. With 111 percent growth between 2008 and 2010, Bird Rock ranked 29th on the San Diego Business Journal’s 2011 list of fastest growing private companies. The 2012 list appears on July 16.
Powell, the UCSD instructor, operates Web agency PINT Inc., Port80 Software Inc. and ZingChart. Collectively the businesses employ about 50 people. They do not disclose revenue.
“Security is not a feature,” Powell said. “It’s an attitude. It’s a posture.”
What’s more, Powell said, network security requires active participation: “You can’t just set it and forget it.”