“Irish companies are facing a major challenge in ensuring that their IT infrastructure is safe”
May 23rd 2016
Irish companies are facing a major challenge in ensuring that their IT infrastructure is safe and protected from external attacks, according to IT Force’s chief organisational officer Roisin Cahill.
While many companies are struggling to keep up with technological developments and with information security in particular, there are certain areas that are particularly challenging. “Mobile in particular challenges the business, because important data can be widely accessed outside of the organisation on mobile devices. The majority of workers mix personal and work devices, and employees often do not realise the risks they are taking when sharing, sending or receiving corporate data on a smartphone or tablet, especially if it is their own personal device,” said Cahill.
“Another major technological development we often see in IT Force is the proliferation in usage of social media sites. Sites like Twitter create the illusion of familiarity and intimacy with followers, which may result in employees sharing information regarding the business which the employer would have preferred to kept secret.”
From an ‘under the hood’ perspective, vulnerabilities created by a lack of patching also pose a serious threat, as this is an area that businesses may not be consciously aware of.
“It’s very important that companies can rely on their managed service provider or in-house team to adopt a suitable patching policy to protect them. For example, in 2015, Microsoft announced that it would no longer provide support for Windows Server 2003. Since then, no patches or security updates have been available for this software,” said Cahill.
“However, both physical and virtual Windows 2003 servers are still in use and these outdated servers are now a prime target for anyone intent on penetrating the networks where these servers reside. A similar situation exists with Windows XP. That said, even on sites where Windows Server 2012 is in place, security patching still needs to regularly take place to avoid attack.”
According to Cahill, the hardest threats to protect companies against are those which are posed not by technology, but by the people using it.
“While there are a number of factors which can leave companies at risk, one of the most overlooked relates to the employees in the company itself. Though rare, internal attacks from disgruntled employees are one of the biggest threats that can face a company’s data and systems, particularly when the employee may have access to networks, data centres and admin accounts,” she said.
“It’s important to mitigate against this threat by terminating accounts that are no longer in use or connected to employees who are no longer at the company. Monitoring and controlling activity that takes place using admin accounts is recommended, along with the creation of alerts so that malicious activity can be identified early.”
At the same time that Irish businesses are becoming more dependent on information and communication technologies, their employees also expect to have the freedom to use their personal devices to access both personal and work-related material.
“This needs to be balanced with the organisation having adequate security mechanisms in place to protect company data. Sophisticated software solutions are now readily available to assist organisations to meet these challenges,” said Cahill.
“Most companies realise that a breach of security is not a matter of if, but when. To minimise the impact of a breach when it occurs, it is advisable to complete a risk assessment, so that the company understands where their valuable data is and how it can best be protected.”
Following the risk assessment, a disaster recovery and business continuity plan can be developed and tested.
This interview between Roisin Cahill and Alex Meehan of the Sunday Business Post was published on the 23/5/2016.
To learn more about the benefits of managed services or value IT Force can bring to your company; please contact us at firstname.lastname@example.org