A quick guide to personal security threats consumers face when using their own mobile devices at work
Digital Defense, Inc. is the premier provider of managed security risk assessment solutions protecting billions in assets for small businesses to Fortune companies in over 65 counties. The company's dedicated team of experts helps organizations establish an effective culture of security and embrace the best practices of information security. Through regular assessments, awareness education and rapid reaction to potential threats, company's clients become better prepared to reduce risk and keep their information, intellectual property and reputations secure.
Info Security PG: What are the personal security threats workers face when using their own mobile devices at work?
Michael Cotton: Mobile devices and their various sync capabilities will deposit large amounts of cached emails, saved passwords, and other sensitive information on any computers they sync with. It is important for employees to ensure that if they are using their device to interface with corporate systems, they are aware of situations where their personal information may be backed-up alongside work related items.
About Michael Cotton
Michael Cotton joined Digital Defense, Inc. in 2003 and currently serves as the Chief Security Architect of the Development team. Mr. Cotton is primarily responsible for the architecture and development of Digital Defense's network assessment engine, which provides automated vulnerability detection services to clients of all sizes across numerous market verticals.
Info Security PG: What’s the difference between a cloud-based solution and a premise-based solution? Are cloud-based solutions more safer?
Michael Cotton: Cloud based systems are typically run by the cloud-application provider from a secure high-availability data center. Premise based solutions are installed and managed by companies on their on-site IT infrastructure.
Cloud based systems offer the substantial advantage of allowing centralized application management for the entire enterprise as they are not tied to any one network. Cloud-based-systems also free IT personal from worrying about things like hardware-failure, physical-security, backups and other headaches that come from running your own data center. Those concerns are better handled by the cloud-application-provider.
Info Security PG: In today’s environment how important is security education and training for employees?
Michael Cotton: Security education is absolutely critical. It does not matter how many firewalls, antivirus systems or other technical security controls that you deploy; the human factor consistently shows up at the heart of most modern data breach attacks.
From an attacker’s perspective, the most important foothold he can gain on a network is the one that gets him past the firewall and other network defense systems. This is typically accomplished by enticing a user to open a malicious email attachment or visit web-page capable of installing a rootkit. Security education is the most important element in combating threats such as these.
Info Security PG: What are some challenges organizations may face when utilizing automated vulnerability management solutions?
Michael Cotton: The top challenges organizations often encounter when using vulnerability management solutions are proper configuration of the system to properly assess all assets and effectively prioritizing vulnerability remediation. It is important not to get caught down in the weeds of eliminating every last minor flaw on a select set of internal systems when a lack-of proper vulnerability assessment configuration is causing you to miss critical flaws on your corporate website.
Company: Digital Defense
9000 Tesoro Drive, Suite 100 San Antonio, TX 78217 U.S.A.
Founded in: 1999 CEO: Larry Hurtado Public or Private: Private Head Office in Country: San Antonio, Texas - United States Products: A dedicated team of experts helps organizations establish an effective culture of security and embrace the best practices of information security. Through regular assessments, awareness education and rapid reaction to potential threats, our clients become better prepared to reduce risk and keep their information, intellectual property and reputations secure.
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN