Trusted Outsiders Can Be Big Security Risks - InformationWeek

9/30/2010
03:56 PM
Keith Ferrell

Trusted Outsiders Can Be Big Security Risks

Ever have a trusted salesperson, contractor or customer bring by a flash drive with a file for you to view on one of your company's machines? Ever regret letting the outsider's drive inside your perimeter?

You may allow your most trusted employees certain leeways and latitudes when it comes to their use of your business's technology -- but what about your most trusted vendors, contractors, customers and partners?

I was talking recently with a friend who's an industrial products salesman, and among the matters we discussed was how easy technology had made it for him to show customers and vendors photos, schematics, other materials.

"Just pop a thumb drive in one of their machines, and there you go," he said.

No USB-drive monitoring? No security alarms going off?

He may still be laughing.

"Are you kidding?" he said, admitting that one company preferred that he connect a camera or phone to their system rather than a thumb drive because, according to his customer, "Cameras and phones are safer."

Now, odds are that the leeway they grant to my friend extends to people not as tech-savvy as he is, and probably extends to everybody. (Odds are, actually, that their systems are leaking information like sieves.)

But we all know of security-conscious and careful companies that do extend similar access to trusted outsiders, and do so for reasons of convenience, expediency or constancy of the vendor's presence in their business.

You know your vendors, you know your systems, you know your security procedures and tools, you know your comfort-levels with granting access.

Problem is, you may not know the levels of understanding your trusted outsider possesses on these very same matters.

The spread of USB-borne attacks isn't likely to abate; a quarter of malware now arrives via USB, and we're still in, alas, the fairly early days of device-borne attacks.

At the very least, it's a good idea to insist that your trusted outsiders adhere to the same policies, monitoring and scans that your employees must meet.

Insist that any device brought into your workplace be equipped with up-to-date security software.

Deploy tools that monitor all devices and drives on your network.

Too much trouble?

Consider doing what my salesman friend and I have discussed:

Set up a dedicated, non-networked computer for viewing materials brought in by vendors or customers. Equip the machine with security software, and use the machine only for outsider presentations and other materials. Scan it in depth after every such presentation.

Suspenders and belt? Sure -- but these sorts of safeguards can help keep your business from getting caught with its security pants down as a result of a sloppy or unaware outsider who has something you "just have to see."

While you're at it, you might want to review those internal leeways and latitudes you grant, as well.
