Information Security Blog

What Remote Employees, Happiness At Work And Hacking Your Servers Have In Common


Like many people, I find it easiest to write about my direct experience. Currently I work from home, and I spend my working time doing application penetration testing on behalf of Pivot Point Security clients. This basically involves trying to hack into their systems with my web browser from the public Internet, just like black-hat hackers are trying to do.

There’s a sizable and growing need for application penetration testing, as more and more businesses expose more and more applications outside their firewalls to support not only customers and partners, but also us remote employees. Notwithstanding Yahoo CEO Marissa Mayer’s recent edict to the contrary, telecommuting is growing in popularity with both workers and management. The business doesn’t have to provide teleworkers with space and power, so facilities costs go down. And the teleworker doesn’t have to commute and organize his or her entire life around spending the day at the office, so happiness and productivity go up, by and large.

But not everyone is cut out for working at home. It can get pretty lonely, and it’s easy to feel cut off from office goings-on when you’re 2+ hours’ drive from your nearest co-worker. Working from home can also feel, well… unexciting. I mean, once in a while I manage to pull off an electrifying exploit, but most aspects of my job are pretty straightforward. I must admit that sometimes I long to hang out by the water cooler and hear about what everybody else is doing.

It’s important for businesses to keep remote employees engaged and make sure they feel like they’re part of the team. Otherwise they might become disgruntled — and disgruntled, disaffected, disloyal and/or dishonest employees (along with contractors and other “insiders” with access to your network) remain the leading cause of security breaches.

All the application penetration testing in the world won’t protect your organization from hackers who have access to your corporate headquarters LAN because you gave it to them. There’s no shortage of stories about ex-employees with an ax to grind who use their still-valid access permissions in untoward ways.

Besides using penetration tests and other approaches to ensure that your systems are safe from attack from outside, it’s important to mitigate insider threats. Perhaps the most important thing you need to do in this regard is make sure that as soon as people no longer need access to your IT systems, they no longer have access.

This is especially true for employees who have left the company. But it also holds true for contractors, consultants, business partners and all the other types of users out there. Indeed, from the standpoint of third-party vendor risk management, it’s also important to know you’re secure from threats initiated by the employees of cloud computing providers and others within partner organizations who can potentially access your data.
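One way to make that rule checkable rather than aspirational, as an added example that is not from the post: reconcile the HR/contract roster (employees, contractors and partner users, each with an access end date) against the accounts that are still enabled, and flag leavers whose accounts survived, accounts nobody on the roster owns, and accounts that have gone quiet. The roster and account fields, the 90-day staleness threshold and all the sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Person:            # a row from the HR / contract roster (assumed fields)
    login: str
    kind: str                    # "employee", "contractor" or "partner"
    access_ends: Optional[date]  # None while the person still needs access

@dataclass
class Account:           # a row from the directory or application user list
    login: str
    enabled: bool
    last_login: Optional[date]   # None if the account has never signed in

def reconcile(people, accounts, today, stale_days=90):
    """Return (login, reason) pairs for enabled accounts that should be reviewed or disabled."""
    roster = {p.login: p for p in people}
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled, nothing to do
        person = roster.get(acct.login)
        if person is None:
            findings.append((acct.login, "no owner in HR/contract roster"))
        elif person.access_ends is not None and person.access_ends <= today:
            findings.append((acct.login, f"{person.kind} access ended {person.access_ends}"))
        elif acct.last_login is None or (today - acct.last_login).days > stale_days:
            findings.append((acct.login, f"no sign-in for more than {stale_days} days"))
    return findings

# Constructed sample data for illustration (not real records).
TODAY = date(2013, 3, 15)
PEOPLE = [
    Person("alice", "employee", None),
    Person("bob", "employee", date(2013, 2, 28)),     # left last month
    Person("carol", "contractor", date(2013, 4, 30)), # contract still running
    Person("dave", "partner", None),
    Person("erin", "employee", date(2012, 12, 31)),
]
ACCOUNTS = [
    Account("alice", True, date(2013, 3, 12)),
    Account("bob", True, date(2013, 3, 1)),       # still signing in after leaving
    Account("carol", True, date(2013, 3, 14)),
    Account("dave", True, date(2012, 10, 1)),     # partner account gone quiet
    Account("erin", False, date(2012, 12, 20)),   # correctly disabled, skipped
    Account("svc_legacy", True, None),            # nobody on the roster owns it
]
```

Running `reconcile(PEOPLE, ACCOUNTS, TODAY)` returns three findings (bob, dave and svc_legacy); erin is skipped because the account was actually disabled when she left, which is the outcome the rule above asks for.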

Mitigating insider threats is an important consideration for many organizations, and there are best-practice “quick wins” and best-bang-for-the-buck solutions for organizations of all sizes. Securing your infrastructure and data in the context of a holistic approach to IT security will yield the best results. Part of that holistic approach should include making sure your employees don’t feel like outsiders, lest they start acting like them.

Photo: THOR (Creative Commons license)

About the Author:

Bob Gorski - Senior Security Consultant
