Ashley Madison Hack: Isn’t It About Time We Stop Saying People are the Biggest Security Risk?
Humans do reckless things. We can’t help it. People download malware accidentally. Team members forget a protocol or skip a step when they’re in a hurry. Laptops, tablets and phones are lost and stolen.
The recent, well-publicized hack of the website ashleymadison.com (and before that: Twitter, United Airlines, Target, and more) is a harsh reminder to IT teams everywhere that the biggest risk to security is ourselves and our users. It is possible that their hack was due to improperly secured or reviewed administrative access, which is how many hacks occur.
Ultimately, it comes down to individual user security. And you have to honestly answer this question: are users and your team exposing your organization to possible data breaches? Since a majority of IT security professionals believe their organizations are likely to be hacked this year, your answer should be “yes.”
Although IT pros say “lack of investment in security” is the main reason they have problems, “low security awareness among employees” is another key factor that hinders security efforts. In a recent survey conducted by CyberEdge, a small security consultancy based in Annapolis, MD, 52% of respondents feel that their company will be hacked this year.
To quickly address security concerns, IT departments must take employee training and awareness of security protocols seriously. Many security experts agree that arming their employees with that knowledge is one of the top 10 ways to improve security. But many people simply don’t know what secure behavior is and isn’t, and your IT security team may not know the latest issues and techniques. If an organization the size of the Pentagon can do data security training, so can your team.
But what happens when good employees go rogue? We can certainly hope that they’re listening and following the rules, but let’s be honest with ourselves: we can’t monitor them 24 hours a day. Good passwords are a must (and training will help employees learn how to manage them correctly). Companies also need to start considering encryption as a fail-safe plan. Using self-encrypted drives (SEDs) is a great way to ensure that information is secure and protected if it happens to fall into the wrong hands.
Many IT pros know that SEDs protect against data theft if a drive is lost or stolen. But what many IT pros don’t know is that SEDs offer two additional layers of protection:
1. You get an extra layer of security and control from the software that your company uses to manage the SEDs.
2. Since SEDs have their own processor, dynamic memory and pre-boot environment, they are isolated from the rest of the system, where viruses and malware often reside. That not only makes them resistant to software attacks, it also means they cost less and outperform conventional software encryption solutions.
That means SEDs help protect against two of the most common security risks: hardware loss and hacking due to malware installation.
IT teams know now that security should be one of their company’s top initiatives. And once you start weighing specific tactics, we hope you will consider SEDs as one of the top tools in your security toolkit.