There’s nothing straightforward about project security, but there are quite a few best practices that can keep a good number of organizations guarded against the most pervasive and probable threats.
Research from Echelon One and Venafi, an enterprise key and certificate management company, says that a great number of IT departments (more than half) fall short on some very important security-related practices.
Given below are four things your IT department should attend to in order to better protect your company.
According to the study, around 82% of IT departments in most companies fail to rotate SSH keys annually. The failure to do so puts a company at great risk because employees who are parting ways with the company may still be able to access crucial details and damage the company.
Every year a great number of employees leave companies. Every staff member who leaves takes some information along, which can cause a great amount of damage to the company if it reaches unsafe hands. In order to guard against such damage, companies should change SSH keys annually and make sure they are not easily guessable.
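One way to check the annual rotation described above, as an added example that is not part of the original article: it fingerprints each entry in an `authorized_keys` file and flags keys that are unknown, belong to someone who has left, or are more than a year old. The inventory mapping, the departed-staff set, the user names, dates and key blobs are all constructed assumptions.

```python
import base64, hashlib, struct
from datetime import date
MAX_AGE_DAYS = 365  # annual rotation, the interval the article recommends
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line; tolerates leading options."""
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is not None and idx + 1 < len(tokens):
            yield fingerprint(tokens[idx + 1]), " ".join(tokens[idx + 2:])

def audit(text, inventory, departed, today):
    """Return (comment, reason) for every key that should be removed or rotated."""
    findings = []
    for fp, comment in parse_authorized_keys(text):
        owner, issued = inventory.get(fp, (None, None))
        if owner is None:
            findings.append((comment, "not in inventory"))
        elif owner in departed:
            findings.append((comment, "owner has left"))
        elif (today - issued).days > MAX_AGE_DAYS:
            findings.append((comment, f"older than {MAX_AGE_DAYS} days"))
    return findings

def sample_blob(seed):
    """Constructed filler in ed25519 wire layout; not a real key."""
    name = b"ssh-ed25519"
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample data: hypothetical users, dates and key blobs
BLOBS = {u: sample_blob(i) for i, u in enumerate(["alice", "bob", "carol", "ghost"], 1)}
SAMPLE = "# constructed authorized_keys\n" + "\n".join(
    "%sssh-ed25519 %s %s@example" % ("no-pty " if u == "bob" else "", b, u)
    for u, b in BLOBS.items())
INVENTORY = {fingerprint(BLOBS["alice"]): ("alice", date(2024, 3, 1)),
             fingerprint(BLOBS["bob"]): ("bob", date(2022, 1, 10)),
             fingerprint(BLOBS["carol"]): ("carol", date(2023, 11, 5))}
DEPARTED = {"carol"}
if __name__ == "__main__":
    for comment, reason in audit(SAMPLE, INVENTORY, DEPARTED, date(2024, 6, 1)):
        print(comment, "->", reason)
```

Keys reported as "not in inventory" deserve the closest look, since nobody is on record as having deployed them.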
The most important thing is training. The human element of any organization is easily the most vulnerable. It does not really matter how good your security software is; it will not work properly if the people operating it are not well aware of how things work.
Software should be fully implemented, and staff members should be trained in using the software and the internet. Firewalls and security software can only do so much; many of the dangers a security system faces come from within. Staff members should be taught how to use computers properly. Tips include not using flash drives without scanning them and not clicking links that look suspicious.
The study from Echelon One says that around 77% of companies fail to take steps in this regard. It is recommended that quarterly training sessions be conducted and staff members be taught the best practices.
The data hosted on the cloud is most vulnerable. It is guarded by the security system provided by the cloud service provider. Things are not really in your hands. However, there still are some tips that can be of much use.
Firstly, one should choose a service provider carefully: one that uses the right kind of software and guarantees security. Secondly, data should be encrypted so that the risk of it reaching unsafe hands is minimized. In addition, the right encryption keys should be used. A report from the National Institute of Standards and Technology suggests that 1024-bit encryption keys are considered obsolete now and companies should turn to 2046-bit encryption keys.
Almost every company uses digital certificates to validate services. Digital certificates are susceptible to fraud, and must be changed when compromised. A management process should be in place to look after this matter.