CREJ - Property Management Quarterly - February 2015
Only four out of the 783 data breaches that were reported in 2014 saw more than 83 million records exposed. All of these attacks, big and small, were carried out to make a public point about the company, to gain financially, to steal intellectual property or to use the company’s network to attack other companies. The one thing that all 783 attacks had in common was the lack of comprehensive security solutions.
Attacks are happening every day. Some will be successful and some unsuccessful. It all depends on how you look at network security, the technology you deploy, the policies and procedures you develop and the technical resources providing your support.
No matter what the motive is for an attack, the outcome is always the same. Records get compromised or leaked, there is a financial impact to the company and, most of all, the company’s reputation is damaged.
If property managers only offer their tenants Internet service as a provider, similar to Comcast or CenturyLink, then it’s up to the tenants to provide all the needed security. But if property/facility managers offer some kind of firewall or security, which some do, the managers become liable.
Firewall and security devices. With the different attack vectors, including direct attacks, social engineering attacks or compromised websites, a standard firewall will only protect so much. This is when property managers must look at other security devices to complement a firewall, such as a unified threat management (UTM) firewall, content filtering, a Web application firewall or intrusion detection systems/intrusion prevention systems. These technologies will help protect users and their information.
A UTM firewall offers the convenience of several security solutions integrated into a single platform. This technology is one of the growing trends in network security today, providing the protection needed to decrease the risk of a data breach while controlling the total cost of ownership.
A common trend in firewall implementation is to allow all outbound traffic from the internal corporate network to pass without inspection or validation. When trying to provide security, it is imperative to understand what is leaving your network and why. An example would be if a workstation becomes compromised or infected, but that workstation is still allowed to talk outbound to the Internet without inspection. If this happens, the workstation could then connect back to the hacker’s server, which would allow the hacker to gain command and control. When you limit what outbound traffic is allowed, you will block most connections back to the hackers.
Configuration and monitoring. Misconfigured devices or default configurations are still some of the biggest threats to a network. More attacks are successful and compromise networks or devices because of a misconfiguration on a device or a default configuration left on a device. When setting up security devices, it is best practice to change all default accounts, passwords or configurations. (There are websites available for hackers that list devices that have default configurations.)
Network monitoring. Monitoring network traffic to determine what is malicious activity is a full-time job. Most organizations struggle here for several reasons, including lack of skilled resources, lack of policies and procedures, and lack of sufficient technology to understand what is happening in their environment. Without proper monitoring or reporting of the security devices, property managers will have blind spots, which is a major risk. If the firewall is not monitored for dropped connections, an infected workstation will go undetected and can call out to the hacker’s server to allow the hacker to gain control. The monitoring of a network is one of the greatest tools that you can use.
Regular risk assessments. A lot of companies fall into a false sense of security when they implement the latest security devices. Often they believe they are protected and nothing else needs to be done. The problem is that attackers are always creating new ways to gain access. Another best practice that is trending is to have a regularly scheduled risk assessment. When having security assessments performed, all network-connected devices should be tested to see if the testers can gain access to the devices. Additional services, such as social engineering, are important and need to be considered in the assessment. If an attacker can socially engineer one employee to open access through the firewall, all users are at risk. Once the risk assessment is completed, managers will get a report of the vulnerabilities or risks to the network and hosts.
There are reputable companies that can provide extra security. I have touched on different areas, but the one thing to remember when offering security to your users is that they trust you to protect them from attackers. How you protect them says just as much about you as how you manage the property. A data breach will make the news and names will be printed. Don’t let this happen because of a misconfigured device or a poorly planned security device.
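An added example, not part of the original article: the monitoring of dropped outbound connections described under "Network monitoring", written as a small Python script that flags internal workstations that keep retrying a blocked destination. The key=value log format, the 10.0.0.0/8 internal range, the threshold and every sample line are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2015-02-03T10:00:05 action=DROP dir=out src=10.0.1.23 dst=203.0.113.50 dport=8443
2015-02-03T10:00:09 action=ALLOW dir=out src=10.0.1.40 dst=198.51.100.7 dport=443
2015-02-03T10:05:05 action=DROP dir=out src=10.0.1.23 dst=203.0.113.50 dport=8443
2015-02-03T10:07:41 action=DROP dir=out src=10.0.1.31 dst=198.51.100.99 dport=25
2015-02-03T10:10:05 action=DROP dir=out src=10.0.1.23 dst=203.0.113.50 dport=8443
2015-02-03T10:12:00 action=DROP dir=in src=198.51.100.200 dst=10.0.1.23 dport=22
2015-02-03T10:15:06 action=DROP dir=out src=10.0.1.23 dst=203.0.113.50 dport=8443
garbled line that should be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) action=(?P<action>\w+) dir=(?P<dir>\w+) "
                     r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def dropped_outbound(log_text):
    """Count dropped outbound attempts per (internal source, destination, port)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DROP" or m["dir"] != "out":
            continue  # skip unparsable, allowed, or inbound entries
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not a valid IP address
        if src in INTERNAL_NET:
            counts[(m["src"], m["dst"], int(m["dport"]))] += 1
    return counts


def hosts_to_investigate(log_text, threshold=3):
    """Return internal hosts that keep retrying one blocked destination."""
    flagged = {}
    for (src, dst, dport), n in dropped_outbound(log_text).items():
        if n >= threshold:
            flagged.setdefault(src, []).append((dst, dport, n))
    return flagged


if __name__ == "__main__":
    print(hosts_to_investigate(SAMPLE_LOG))
```

A workstation that appears in this output is being stopped by the outbound rules but is still trying to reach the same external address, which is the condition the article says goes undetected when drops are not reviewed.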