Companies urged to tighten security practices

By

Threats from within--such as disgruntled or former employees--are one of the greater security threats facing organisations, according to Mark Mortimore, senior technical specialist for TechNet/Security at vendor Microsoft.


Internal security breaches continue to be among the greatest threats facing organisations, argues one security professional.

Accidents, such as lost encryption keys, accidental deletion or not having a backup of data were also high security threats for organisations, said Mortimore.

He used the example of an IT professional who had inadvertently skipped creating a backup of their encryption keys when reinstalling an operating system. After unsuccessfully trying to crack the encrypted drive, the IT pro had to accept the data wasn?t recoverable.

Other threats Mortimore cited included natural disasters; and threats from outside a company, such as hackers, viruses and cyber-terror.

Mortimore explained to a session at Microsoft?s Tech Ed conference about the steps he saw as important for organisations implementing security processes.

He urged IT professionals to engage executives in their organisations in helping identify what was most important to protect, and also to carry out a security assessment of the current infrastructure. ?What if one of these assets were compromised? Those are the assets you need to identify and protect most,? Mortimore said.

Performing ongoing security management such as drills, as well as revising and improving plans were other areas he highlighted. Mortimore said that making sure that there was redundancy in the security plan and that security standards were in place before an attack occurred were other important points to remember.

?Organisations should also put in place processes for employee training and to create awareness of security threats,? he said. ?Employees - they?re the ones that help you enforce and drive forward your policy.?

He said that there was ?no patch for bad judgement?, such as users who might write their passwords on a sticky note and then attach it to their monitor.

Likewise, Mortimore warned companies to make sure that they patched vulnerabilities quickly enough. ?Everyone has a patch strategy, whether they know it or not,? Mortimore said. ?Patch management is part of your risk management strategy.?

Laws Clause: Vivienne Fisher travelled to Tech Ed 2003 courtesy of Microsoft.

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

ADHA readies market test of Accenture's $788m My Health Record deal

ADHA readies market test of Accenture's $788m My Health Record deal

Western Sydney University establishes dedicated data function

Western Sydney University establishes dedicated data function

Microsoft to cut about four percent of jobs amid hefty AI bets

Microsoft to cut about four percent of jobs amid hefty AI bets

DeepSeek faces ban from Apple, Google app stores in Germany

DeepSeek faces ban from Apple, Google app stores in Germany

Log In

  |  Forgot your password?