Information Security Measures for Your Company’s System

Almost all companies will hire a highly paid, competent and skilled security professional; companies will even pay for incident handling training or other information security training just to have someone who can watch over their systems: a person who can configure the access policies in the company’s system, patch the computers and improve the overall security of the company’s system.

On the other hand, they will hire a security guard on minimum wage to protect the company’s million dollars’ worth of computer equipment.

If you were a hacker, which path would you most likely take to steal the company’s secrets? Would you spend hours, days, weeks or months trying to hack into the company’s tough security network, only to be barred on entry by the watchful eye of a highly paid cyber security expert? Or would you try dealing with the poorly paid and poorly motivated security personnel?

Although hacking the company network is one of the greatest threats a company will ever face, there is one great threat that companies always overlook: hacking the security guard, or social engineering, and that danger is always imminent. Without the collective efforts of computer security and physical security, there is no information security.

Information security combines complete access control over the computer systems with control over the building itself. It ranges from how people get in and out of the building and how the staff dispose of their garbage to computer security, incident response, background checks on every employee, video surveillance and so on. One of the most common lapses in a company’s physical security is a door left unlocked when an employee leaves the building for a break. This completely cancels out the building’s expensive card key system; an information thief will just wait for the right opportunity, when employees leave the door open or unlocked.

Social engineering attacks used to steal information each take a different approach or tactic. The easiest targets for these thieves are untrained, poorly paid and poorly motivated employees, because they are the easiest people in the company to influence. It is not about having more security personnel; it is about telling the employees what to do and what to look out for. Motivated, well-trained and well-paid employees will enjoy their jobs and act responsibly; they will not let their bosses down because they feel that they are needed by the company.

When hiring new employees, companies must include a complete background and credit check; this way companies can determine whom to hire and whom not to. Candidates who have filed for bankruptcy should never be hired, because they can easily be bribed or perhaps seduced into selling the secrets of the company. In fact, people who have filed for bankruptcy aren’t given any security clearances by the federal government.

Hackers could easily steal important information not from the company’s systems but from employees’ handheld devices or laptops left in their cars. Oftentimes, employees will also leave their access cards inside their cars. Companies must have strong policies against leaving important devices in cars; instead, they should be stored in a secure location inside the company premises. Company websites mustn’t share the names, positions, bios and other information of their employees, because this could open new avenues for thieves to exploit.

Companies must also train their security personnel about the company’s computer network; they must know the basics of the technology as well as the servers so that they are more aware of the things they should be protecting. Security personnel must be on the lookout for hard drives, external drives or any writeable media that can be used to steal important company data and secrets.

Finally, the last thing every employee must do to protect the company’s network is to log off the computer after using it; employees don’t need any incident response training for this. This is common knowledge, because a hacker who is able to get inside the company will install software or a rootkit that will be used to steal information.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer training in incident response.

More information about EC-Council is available at www.eccouncil.org.

Computer Securities – The Threats to Computer Systems Part 1

Without a doubt, almost everyone relies on the computer and the internet to complete their homework as well as their work. Computers are also used to create and store important information, and this information has to be kept in a secure and safe database. It is also important for us to protect our computers from abuse and misuse and to prevent any data loss in our computer’s operating system.

Computers used in companies and industries must have tough security measures like firewalls and anti-virus, and security methods like penetration testing, so that vile minds cannot access the crucial information stored on them. Home users and other individuals must be cautious and take any means necessary to protect their credit card information whenever they conduct online transactions. If not, their computers will be at risk from threats that could lead to the loss of important information, damage to the software, data and processing capabilities, and damage to the hardware.

This intentional breach of the security and the system of a computer is called computer crime, and this crime falls under the same category as cybercrime. Cybercrime is one of the best-known illegal acts nowadays, and these acts are based on the Web; many security industries as well as law enforcement agencies in the world are facing this problem head-on. In fact, they have uncovered the different types of attackers on the cyber highway: the hacker, cracker, cyber extortionist, cyber terrorist, unethical employee, corporate spy and the script kiddie.

Hacker

In the past, hackers were people known to have good skills with computers, but now the term hacker is viewed differently. Hackers are people who access any computer, computer network or system without the permission of the network administrator. These people often claim that they access the system to point out its leaks and vulnerabilities. Sometimes this reason is just a front for the hacker’s mischief.

Cracker

The cracker, even from the start, was never associated with any good deeds in computer security. A cracker is the same as a hacker, but most of the time crackers will intentionally access a computer or computer network for vile purposes like stealing important data or information, or perhaps destroying the system, database or information on the system. Both the cracker and the hacker are extremely advanced when it comes to their skills.

Cyber Extortionist

A cyber extortionist is like a blackmailer. This individual uses email offensively, sending threatening messages to a company or an individual. The emails tell the company or individual that the extortionist will release important or confidential information, exploit security vulnerabilities, or perhaps launch a cyber attack that will harm the person’s or company’s network. The extortionist asks for money in exchange for not carrying out the threats.

Cyber Terrorist

A cyber terrorist is a person who exploits a computer network or the Internet in order to destroy systems or computers for political purposes. It is comparable to a typical terrorist attack; these individuals are highly skilled specialists, and their plots take years of planning as well as a substantial amount of money to implement.

Unethical Employee

An unethical employee is a worker in the company who illegally accesses the company’s network for one of several reasons. One reason could be to steal important secret data or information and sell it on the black market; another is that of a bitter employee who wants to exact revenge on the company.

Corporate Spy

A corporate spy is a person who has excellent skills in computers and networking; this person is hired to break into a specific network or computer of a company and steal or perhaps erase important data or information. Some companies hire these people to perform corporate espionage missions so that they will have leverage against their competitors.

Script Kiddie

A script kiddie is the same as a cracker; they have the same intention of doing dark deeds that could harm a computer, system, company or individual. The only difference is that the script kiddie lacks the technical know-how. In fact, these people are beginners or silly teenagers who only use pre-written cracking and hacking programs.

Companies and individuals alike must exert their best effort to safeguard their computers and systems from these types of people. Although they may not know who the attackers are, they can deter their plots by improving their network’s security with a pen test, which can be performed by a person who has completed penetration testing training.

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications. EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. These certifications are recognized worldwide and have received endorsements from various government agencies. They also offer training in penetration testing.