What We're Reading, Week of 3/15

Agency Insider Blog… Who’s Breaking the Rules on Your Staff?
Linda McGlasson looks at a poll showing that more than one in 10 U.S. employees say they’ve known they were violating policies put in place by their company’s IT department, but violated them anyway to get their work done. Linda says that technology plays a part in detecting policy-breakers and evaders; compliance tools are needed to make sure employees are following the rules. Without them, organizations face breaches and the possible loss of data, which can lead to major problems for the company.

IT Business Edge… Password Management: What Employees Should Know
Paul Mah offers five aspects of good password management that employees need to know. The password cannot be too short or else it will be compromised very quickly. Avoid reusing passwords between personal and work accounts and know that IT staff will never ask for your password. Employees are welcome to change a password at any time and should do so often. With employees increasingly accessing their work accounts from remote locations, users need to be educated on the necessity of changing their passwords regularly.

SearchNetworking.com… NAC Appliance Combats Unwitting Insider Threats from Infected Devices
This article by Jessica Scarpati discusses what can happen if a user is causing attacks within their own network, whether it’s malicious or accidental. After dealing with an employee whose personal laptop infected the network, a northern California credit union is using a network access control (NAC) appliance to prevent insider threats. The company says it hasn’t suffered any more breaches with the NAC appliances. They keep systems administrators busy with alerts,...

What We're Reading, Week of 3/8

Gartner Blog… Lawrence Orans Guest Post: NAC Panel at RSA Conference
Lawrence Orans shares some highlights from a panel outlining the best practices for NAC that he moderated at the RSA Conference. Session attendees asked questions about choosing EAP methods, handling exceptions (non-802.1X-capable endpoints) and troubleshooting failed authentications. Lawrence says his main takeaway from the session is that the industry still needs to step up and provide solutions that ease the deployment and the manageability of 802.1X.

Network Security Blog… The Network Security Podcast, Episode 188
This week’s Network Security podcast discusses the latest security news and gives a recap of the RSA Conference, including Martin McKeay’s panel on disclosure.

eSecurity Planet… Top Ten WiFi Security Threats
This contributed article from Lisa Phifer looks at the top ten threats when using WiFi. They include data interception, denial of service, rogue APs, wireless intruders, misconfigured APs, ad hocs and soft APs, misbehaving clients, endpoint attacks, evil twin APs and wireless phishing. To stay protected, make sure to route all hotspot traffic, even public, through a trusted, authenticated VPN gateway.

The Ashimmy Blog… If the Security Industry Cannot Give You 100% Protection, Is It a FAIL?
This post discusses a recent Robert McMillan article that says, despite billions of dollars in security spending, it’s still surprisingly hard to keep corporate networks safe. Alan says security is about managing risk; although you can never eliminate the risk, you can make it less likely to occur. Good security is about having processes and procedures in place, including incident response. It’s important to be able to handle an incident when it occurs, in addition...

More doctors are embracing smartphones, but are they secure?

Nearly 64 percent of healthcare professionals are using smartphones, and more than 100,000 physicians are actively using medical applications as reference guides and platforms to input patient data. Doctors can enter lab results and prescribe medication via an ePrescribing application. As more doctors and healthcare professionals use handheld devices for functions like this, it is important for hospital IT departments to secure and manage these devices. According to MedPage Today, smartphones have gained huge popularity among these healthcare professionals because of their functionality and ease of use. As smartphones prove to be the preferred device, hospitals need to rethink their network’s current infrastructure and support a variety of devices, rather than just a hospital authorized...