We often think of security as policies, software, hardware and other such things; however, there is a lot more to it. When securing your network (especially in a large company with multiple locations), it’s imperative to perform log monitoring and analysis, install the latest patches and check firewall logs. There is, however, one other small thing that can be done, and it costs nothing beyond the short amount of time it takes to complete.
I’m talking about taking a walk through the offices and observing. It’s as simple as that, and it’s amazing what one can find out by simply targeting the human element of the network: the people who, through their actions or lack thereof, might pose a security risk to the IT infrastructure. The best time for such an exercise would most likely be during a break; however, random times could work just as well.
Things to look out for during such an inspection:
- Post-it notes or other pieces of paper stuck to the desk, monitor, under the keyboard or on the computer itself. This is exactly what security personnel hate the most. Countless hours spent securing the network go down the drain because of that person who doesn’t want to spend the time learning their password and so writes it down for everyone to see.
- Unlocked computers. Sometimes employees walk out of the room and leave their machine unlocked. Hopefully their screensaver will lock it soon, but hey, if you walked in on a machine that you could access at that time, then so could someone else.
- Unattended laptops and devices (memory sticks, CDs, DVDs). We hear multiple horror stories about how a laptop with no encryption got stolen with important confidential data on it. It all starts with a laptop left unattended.
- New devices! We all dream of waking up one morning and finding nifty new gadgets that we didn’t even have to buy waiting for us on the bedside table. But that’s great only so long as it’s a dream; it’s actually a nightmare if it happens at the workplace, especially if the new device is a wireless access point that could be granting access to your network to any passerby on the street.
- Unauthorized devices. While employees might know they’re not supposed to hook up personal laptops or portable storage devices to the network, that doesn’t mean they don’t do it.
Another possible security exercise could be engaging in some shoulder surfing of your own – take a walk through the recreational area and network with the people there; you never know when you’re going to walk in on conversations such as “I had to change my password again, but it’s okay now since I found a neat trick to make it easy to remember; just add 1 to the number at the end of my password. Can you believe I’m already at 5?!” Confronting the person with any of these infractions will hopefully help to prevent them from violating security policies again!