Security Controls Around Communication Channels
Safeguarding company assets has become more and more critical over the years. It seems like just a few years ago having a firewall, anti-virus software, and partially aware employees was plenty to keep your company safe. Today, this is no longer the case. Every company needs layered security for its communication channels. Defense in depth refers to multiple layers of protection for a company. It means having more than technology in place: companies need human, physical, and logical protection mechanisms in addition to security technology.
Communication channels in a company give employees ways to collaborate and communicate like never before. This makes companies more productive and efficient. These methods of communication need constant security controls to ensure safe internal communication. These communication channels store a great deal of confidential, sensitive, and proprietary information. One breached channel could be devastating to the company.
Types of Security Controls for Communication Channels
Defense in depth to help secure these channels can consist of many different methods. Physical security helps restrict access to the office building or office suite. Each employee should have only the physical access required to do his or her job. For example, someone in accounting does not need access to the IT rooms, but IT would need access to all spaces. Doors should auto-lock, and employees should be granted access only through badge or code authentication. Companies also need a no-tailgating policy, which educates employees not to let other people follow them into a space without badging in themselves.
Human security requires constant awareness training. Employee training on the physical, human, and software security controls is necessary. Each employee needs to know the difference between a legitimate email, a spam email, and a phishing email. Other necessary training includes the proper use of computer systems, networks, applications, and email, to name a few. Social engineering is a hacking technique that is picking up much traction. Employees must be diligent about whom they come in contact with on work communication channels. This style of hacking is possible over the phone, in person, or via email. Training on it needs to be part of onboarding for new hires and of continuing education throughout their employment. Most companies’ acceptable use policies cover these topics.
Software and Application Security
Software and application security controls help protect companies. This method provides logical security around authentication and access methods. Most of the critical information today is stored in some type of application. Protect these applications through the use of multiple forms of authentication. This includes file and role-based permissions and proper placement on the network.
Hardware security protects company data by providing solutions such as encryption. Encrypt your hard drives to prevent access to data if they are stolen. Hardware and software encryption can be set up to protect sensitive data in transit when it is transferred by email, web, or FTP. Hardware appliances, such as SIEM collectors, monitor network traffic in real time for malicious activity.
Types of Communication Channels
Deploy these types of defense tactics together to ensure secure forms of communication. Different communication channels provide distinct advantages and disadvantages per use for a company. Each channel also needs its own security solution design to protect the information contained within the channel.
Email is the most widely used communication channel. It is also the one that is most exploited. Most cyber-attacks today start with an email scam. Protecting this channel is imperative. A combination of encrypted email systems, DLP, spam filters, and user awareness training needs to be in place to secure a company’s email.
Work Phone Communication
Smartphones and texting are becoming more and more used in companies as a communication channel. Companies are issuing phones to employees that will have access to company resources. The companies also allow employees to text each other for business purposes. Employees are also guilty of texting for personal reasons. These phones are critical to protect since they are mobile and contain so much company information. This is beneficial to a company because an employee can be more productive by having their email and apps on the go. Employees do need to be aware of their device at all times. A stolen smartphone can be an immediate breach for a company. User training in addition to security policies can protect the phones. Most companies have a mobile device management (MDM) solution to manage the phones. This gives the company the ability to remotely wipe all data from the phone to prevent information theft. MDM also enables enforcement of security policies on the devices, such as passwords or PIN codes to open the phones.
Social Media Communication
Social media is becoming more and more utilized by companies. This communication channel is excellent for reaching clients or prospective clients. You can market to these groups easily, which allows for quicker growth of the company. This is a great benefit to a company when it can reach its market in just a few clicks. The downside is that social media is probably the most hacked platform in existence. If hacked, a social media platform or an employee’s account can hurt your customer base. Customers could receive false messages from the employee’s account that are meant to hack their own accounts. This is the new-age worm virus. When misused, social media could quickly ruin the reputation of a company. If you require or allow employees to have company social media accounts, you must train them on the proper use of their account. They need to have strong passwords on these accounts and only post company-related content. It is also a wise decision to deploy social media monitoring software. This can automate alerts if anything negative happens on the company’s account.
How do you securely manage communication in the office?
Defense in depth is required to provide proper security controls to companies today. Company owners and executives need to be aware of what it takes to secure data and communication channels properly. Most of the people in these positions still have the old way of thinking. They believe that having a firewall and anti-virus software is enough, but it is not. They need to be educated on defense in depth. Also, they need proper training to know where their company’s data lives inside various communication channels. Once identified, these channels are safer using the defense-in-depth method.