Welcome to WebmasterWorld Guest from 54.224.34.226

Forum Moderators: LifeinAsia & httpwebwitch

Message Too Old, No Replies

What security measures are you taking

Just read an new report on cyber hacks

     
2:59 pm on Feb 18, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3500
votes: 8


This isn't part of my job here at my company but it does become part of my job if our sites are infected due to a comprimised network.

[foxnews.com...]

How do you control what employees do in their email system? Is it suggested we do a security teaching training to make them aware what not to do?
This has gotten so serious I am searching for what we as a company should begin doing.

Maybe a weekly meeting say 20 minutes on internet security just to keep their guard up and not let them forget it is an everyday war.
3:36 pm on Feb 18, 2010 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 9, 2000
posts:23040
votes: 330


I always find that it's an ongoing thing.
I used to run the information on an intranet, but it became a problem when people were just not reading the valuable information collated, then, it fell into disuse.

Nowadays, I always circulate the latest news on hacking and phishing via e-mail, reminding people to be vigilant. Most are savvy, anyway, however, all it needs is the guard down for a short while.
4:10 pm on Feb 18, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3500
votes: 8


Most are savvy, anyway,
you would think but from what was hacked doesn't look that way.
7:21 pm on Feb 23, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2002
posts:2162
votes: 0


You cant really blame users for clicking links, the security systems need to cope with whatever threats are out there.

There are some web layer products like palo alto that can help with new types of threats but if directors of companies dont regulary have external pen-tests and vulnerability assessments they are to blame imo
9:54 am on Feb 24, 2010 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts:2889
votes: 5


At the time of the ILOVEYOU outbreak 10 years ago we had the policy at the company where I worked to stop all emails which could be a threat, including emails containing Word documents, ZIP files, etc and all these emails were manually scanned and forwarded by a trusted employee of the IT department. If it couldn't be scanned, it was simply returned to the sender with the request to send the email again in an accepted format. (PDF wasn't known to be unsafe 10 years ago ;))

In that time it was a great way to deal with this kind of threats while many employees were struggling at home to try to remove these and other infections from their personal computers. This kind of manual scanning uses human labor and may because of privacy concerns also not be appropriate in specific settings. The company I am talking about was a technical company where most emails coming in and out were production data, drawings etc, nothing privacy related. There was a stand-alone PC in separate room with an Internet connection which people could use for their private Internet activities.
7:25 am on Mar 17, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 1, 2009
posts: 17
votes: 0


what a safe idea from lammert about the stand-alone PC.
I agree with aspdaddy you should contract a vulnerability assesment firm to examine the programming of your site, so your webmaster applies those reports to strenghten its security.
There are many programs to monitor every activity of every PC remotely and report to you as the Manager, and there are also programs which prevent unauthorized access to CD/DVD trays or to USB unauthorized copying etc.
Goodwill teaching is sometimes not so effective as the monitoring measures hereby mentioned.
Keep all this in mind and contract an advanced security suite as Bullguard, which is highly custom-configurable.
12:53 pm on Mar 20, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 12, 2004
posts: 1355
votes: 0


We've started switching employees to using Macs. This has been more effective than anything else we've tried. Our employees have to review web sites as part of their responsibilities, which inevitably would lead to viruses, but not on the Macs.