TRENDING:

Tips for the Endpoint Warrior

Linda McGlassonNovember 2, 2007    

Know What Assets You Have and Where They Are – This may sound very basic, but after one laptop turns out to be missing, the basics look like very good rules to follow. Do your physical security procedures also require equipment coming in and out of your institution to be checked in at the front desk? Also, remember to get back any assigned equipment when an employee leaves the institution.

See Also: The Hidden Threat: Understanding Insider Risks

Spell Out What Is Allowed, And What Is Not – Take a look at your security policies to ensure that you’ve spelled out clearly which devices and activities are allowed. This one action will save a lot of time and clear up any grey areas your employees might have in regards to acceptable use on the institution’s networks. One example is a policy that does not allow any instant messaging software or proxies to be downloaded onto an employee’s workstation, except with permission from the information security officer.

Monitor As Much As You Can – The monitoring includes both external and internal activities. Manager of Information Technology at United States Postal Service Federal Credit Union Alan McHugh has his automated monitoring tool set to alert him whenever general employees try to FTP anything in or out of the network.

Block Sites and Activities That Don’t Have Anything To Do With Work – When possible, you may want to consider blocking access to certain IP addresses, including the social networking sites. Unless there is a business reason to allow access, it’s a wise move.

Not A Mouse or KeyBoard? Don’t Plug It In – Both McHugh and Keith Gienty, Director of Information Technology at Northwest Corporate Credit Union, recommend setting up monitoring devices that will stop your users from plugging in external drives, USBs into PCs. It also helps to block any copying of files onto CDs or other media.

Encrypt Laptops – Why suffer a data breach because you didn’t encrypt the laptops that are leaving your institution? Plan ahead, even if you don’t utilize laptops in your organization, you may be using them during a disaster (think telecommuting during a pandemic).

Use Network Access Control – By using smart network access control solutions this will help you enforce your security policies and ensures even if non compliant devices are plugged into your network is locked down and stopped before anything can happen.

Previous
You Vs. the Users
Next
ID Theft Red Flag Rules: Now the Hard Work Begins

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.