Security Talk Column

RSS

According to frequent headlines in the press, cybersecurity is an issue that has seized the attention of corporate boards and the executives who report to them. The reality is probably more nuanced. Although the largest companies in some sectors are engaged in extensive risk management efforts, the broader business community in the middle market remains at best uneven in its response, says Matthew F. Prewitt, partner with law firm Schiff Hardin in Chicago, chair of Schiff Hardin’s data security and privacy team and co-chair of the trade secrets and employee mobility team.

Want happy employees? It’s more than the occasional catered office lunch. It’s providing an environment where employees can be productive, collaborate with colleagues and find creative ways to power through their to-do lists. Mobile devices play a primary role in this movement, but so have the widespread adoption of public and private cloud applications, which have provided workers access to their files, and each other, anywhere, anytime and from any device.

 Tailgating is one of the most common and innocent security breaches – an employee opening a door and holding it open for others, visitors without badges, or the passive acceptance of a uniformed worker. The problem with these lax situations and common courtesy is that they open your building to undocumented and unauthorized entry by individuals who could intend harm to your property and employees.  

 Vanderbilt University has earned many distinctions, including Princeton Review’s top ranking for colleges with the happiest students. The school’s latest endeavor is taking the plunge and going mobile with access control.  

 There is a common plot line that underlies most of the breach stories in the news. Software written by bad guys gets into places on the corporate network where it shouldn’t be. It looks around, finds vulnerable systems, grabs valuable data and transmits it off the network. The term most commonly used to describe this behavior is Advanced Persistent Threat (APT).   

Training videos can be both effective and fun if you have some imagination and are open to a different approach. The safety and security video that Kishwaukee College in Malta, Illinois, recently developed proves that point. 

Having Lock-Down Protocols are useful, however it can delay law enforcement’s entry time. Do not expect to always escort law enforcement to threat areas; directions and diagrams are very helpful.

To have a successful security design and installation, it is critical to get all security stakeholders in the same room and to establish requirements and goals early. It is important for those goals to relayed to other members of a design team so that all of the needed support services and integration can be vetted.

By screening a provider for these qualities, you’ll accomplish much more than a manager who simply wants to “check the box” and get it over with. You’ll walk away knowing participants are getting the training that’s right for them, not an endless sea of faceless masses.

Banning specific cloud applications is bound to fail. Maintaining a blacklist of cloud applications is ineffective, at best.