Managing the Rogues in Your Network

Within any organization, there are employees who are always diligent about following company procedures. Then there are “rogues,” people who mean well, but are free spirits and don’t always think about the ramifications of their actions.  For people involved in creative roles, that’s terrific, but when it comes to managing a network, it can be problematic. 

As IT teams continue to work hard to protect their networks from viruses and other forms of malware, here are a few activities employees sometimes undertake that can put the entire enterprise’s network at risk:

  • Creating unauthorized wireless networks – Sometimes, a workgroup within a company will decide to create their own wireless network to share content more easily.   They may do this to secure faster data speeds, or because their project is confidential and don’t want it available to other employees.   However, if they don’t set up the wireless network properly, they open the entire company up to hacking.
  • Connecting unapproved wireless devices – Most people today have a smart phone, tablet or both.  Everyone wants to connect their devices to the network to get their content anytime, anywhere. While that’s a laudable goal, connecting these devices improperly opens the network up to intrusions.
  • Forgotten test servers – Many organizations employ test servers either to evaluate software the IT team or others have purchased before loading it onto the network, or to test applications under development within the company.   On many occasions, the team testing the software or the application then move on to other projects, but the test server is still connected to the Internet.  Without proper safeguards, these servers are ideal gateways for hacking into the organization’s network.
  • Incomplete IT procedure manuals – IT teams, like many other disciplines within an organization, have had to learn to do more work with fewer resources over the past 3-4 years.  One of the projects that has fallen by the wayside in many organizations is developing and updating IT procedure manuals.  Among the basic procedures these manuals should include are:

        1. How to create “strong” passwords less open to hacking

        2. Information on email attachments that are safe to open, and how to recognize those that might be unsafe

        3. Rules against downloading free software

  • Out-of-date or insufficient network security – In a network with multiple locations and multiple servers, it’s easy for security software to become outdated.  And, many IT teams lack the resources to deploy security solutions beyond firewalls and antivirus software.  Employees often will receive messages that their security software is out of date, but just “assume” their IT teams are handling it. 

In fact, creating a secure network today is much more than just installing firewalls and antivirus software.  For example, because no antivirus package can mitigate against all threats, IT teams should plan to deploy several packages to minimize the chance of a network intrusion.

Robust security practices are so important that my colleague, Patrick Luce, will devote next week’s Vector Views blog exclusively to “defense in depth” strategies IT teams should consider to achieve maximum network protection.

As we all strive to build and maintain secure networks, I look forward to hearing your thoughts and viewpoints.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: