Modern firms may believe they're not vulnerable to security scams. However, for every large organisation that glides through the year without any mishaps, there are many that suffer perilous incidents. Here's a look at six security holes that are often wide open, and what you can do to close them.
For every large organisation that glides through the year without any mishaps, there are many stories about perilous break-ins, Wi-Fi sniffing incidents and even a crisis involving Bluetooth sniper rifles used to steal company secrets.
Here's a look at six security holes that are often wide open, even in companies that take great pride in their security precautions. We checked with security consultants to find out what you can do about them, before they occur.
1. Unauthorised smartphones on Wi-Fi networks
Smartphones create some of the greatest risks for enterprise security, mostly because they're so common and because some employees just can't resist using personal devices in the office - even if their employers have well-established policies prohibiting their use.
"The danger is that mobile phones are tri-homed devices - Bluetooth, Wi-Fi and GSM wireless," says Robert Hansen, founder of the onternet security consulting firm SecTheory. Employees who use their personal smartphones at work "introduce a conduit that is vulnerable to potential attack points", he explains.
If you use a device like a smartphone that spans multiple wireless spectrums, "someone in a car park could use a Bluetooth sniper rifle that can read Bluetooth from a mile away, connect to a smartphone, then connect to a corporate wireless network," says Hansen, who is also known by his alias, RSnake. Bluetooth is the open portal that lets a hacker access Wi-Fi and therefore the corporate network.
A Bluetooth sniper rifle
Hansen says policies that simply disallow smartphones aren't likely to be effective - employees will be too tempted to use their gadgets at work even if they're prohibited. Instead, he says IT should allow only approved devices to access the network. And that access should be based on MAC addresses, which are unique codes that are tied to specific devices - making them more traceable.
Another tactic is to use network access control to make sure whoever is connecting is, in fact, authorised to connect. In an ideal world, companies should also separate guest access Wi-Fi networks from important corporate networks, says Hansen, even if having two wireless LANs means some redundancy and management overhead.
Another approach: Provide robust, company-sanctioned smartphones on popular platforms, such as Google's Android, and thereby dissuade employees from using nonsupported devices. By encouraging the use of approved phones, IT can focus on security precautions for a subset of devices instead of having to deal with numerous brands and platforms.
- Deal with these before it's too late
- Open ports on a network printer
- Social network spoofing
- SMS text messaging spoofs and malware infections
NEXT PAGE: Open ports on a network printer