19 Apr Demand for information access creates IT vulnerabilities
MILWAUKEE – As information technology expands, so does the risk for businesses that are not prepared to manage their most trusted data and proprietary information.
The same inter-networking technologies that extend new avenues of communication and commerce to clients and co-workers are leaving businesses more vulnerable than ever before, says Paul Rozek, director of technology services for Jefferson Wells International in Milwaukee.
As customers demand more timely access to information in areas such as online banking, and as wireless technology proliferates, these and other information gateways are creating vulnerabilities at an exponential rate. Rozek says.
“All of these things that are happening are creating more privacy concerns and potential headaches,” Rozek said last week in Milwaukee before a group of network and IT security managers hosted by eInnovate.
With its vast network and highly decentralized system, the City of Milwaukee has many points of entry for hackers to get in, noted the city’s chief information officer, Randy Gschwind. As information systems continue to proliferate, with multiple city departments running different programs, it becomes difficult to get a handle on putting the proper network security controls in place.
“There are a lot of doors to get in,” Gschwind said. “As we continue to further improve communications and open things up to make business easier to conduct, it makes everything easier for hackers to get if we don’t properly secure it.”
Several years ago, the City of Milwaukee found itself taking the concept of open city government to an unanticipated level.
Before firewalls were installed on its network, the city noticed the bandwidth on its computers had increased. Upon closer inspection, it was discovered that two men from Japan and Korea were using the bandwidth on the city’s network to communicate with other places around the world and run their business.
In another case, a consultant riding with a local Milwaukee TV station was able to exploit a weak point in a WiFi system when an employee in city hall set up a remote camera without establishing the proper security configuration. The consultant was able to gain easy access and view the entire city network.
“There are so many ways to get into networks now,” Gschwind said. “It used to be not that long ago that our networks were stand-alone, and now we are connected to the rest of the world.” With better security in mind, Jefferson Wells is currently conducting a system-wide vulnerability test on the City of Milwaukee network to identify potential weak points and holes.
“You have to worry about taking the proper security precautions,” Gschwind said. “This is a multidimensional problem. You really have to lock it down.” In order to assess and control security risks, Rozek recommends the following:
Target critical business information.
Identify where this data is created and stored and the points of access to this information.
Determine those employees and business partners with access and who truly needs it.
Identify and fix weak links and insecure systems.
Examine procedures to be followed in the event networks or systems are compromised.
Underscore the need for effective IT governance and enterprise IT policies and procedures.
If companies and organizations do not keep up with security by continually adopting new processes and new technologies, they will fall behind, and the net result is that their information security will suffer for it, Rozek said.
It is critical to communicate the importance of information security to management, because if they don’t understand or support it, it will become less important within the organization and eventually lead to security breaches, Rozek added.
Chief information officers and IT security managers can maintain credibility for their efforts? by citing business benefits and by gathering metrics to support those security benefits, Rozek said. When making the case, it is important to communicate the success of security solutions and what is at risk without the proper controls in place.
“As we become more and more connected with all of these devices, there are just increasing ways for others to break in and use these resources,” Gschwind added. “We do these things for productivity, yet you wouldn’t leave your car unlocked with your laptop and your wallet on the front seat.”
“What you are really trying to do is fix potential problems before they become real problems,” he said.
John Rondy is a freelance writer based in Milwaukee. He can be reached at firstname.lastname@example.org.