In early June the U.S. government announced one of the biggest cyberattacks on record when hackers compromised the personal information of four million current and former government employee records. This attack, following the Sony breach at the end of 2014, has moved the nation’s attention back to security and the real need to protect personal data. In fact, President Obama has made data security a national priority.
To date, the government has enforced few mandates that require companies outside of the healthcare and financial services industries to address security. Cyber security, for the most part, is unregulated and at the discretion of the individual company.
Some security experts have called for more governmental intervention to enforce protections and strengthen security across public and private companies. With that type of oversight ahead, it’s time to make sure the wireless, wired and voice networks are safe and secure from harmful cyberattacks.
- Secure the mobile devices: Whether an organization supports a BYOD program or not, employees are logging onto the corporate wireless network with their smartphones. It’s important that communications on mobile devices are secure, no matter what network users are on—whether it’s internal or external wireless LANs, cellular or wired networks.
The first step to ensuring the communication between a user’s mobile device and the mobility server is secure is to enable authentication and encryption. When connecting from home or a public Wi-Fi hotspot, the addition of a VPN will provide additional security. A solution like ShoreTel Mobility provides secure mobile UC from Android, Apple, and other mobile devices on Cisco, Avaya, ShoreTel, Nortel and Microsoft phone systems. The ShoreTel RoamAnywhere Client, which runs on the smartphone or tablet, enforces the appropriate security policies, and the ShoreTel Mobility Router secures the communications between the client device and the enterprise UC system.
- Guard the network perimeter. Firewalls stand between the network and the connection to the outside world. These security appliances will prevent unauthorized traffic from entering or leaving the company’s network and that will help protect the business from attacks and malware. IT can create rules on the firewall to tightly control which applications and traffic are allowed to pass onto the corporate network.
- Enforce strong passwords. Birthdays and maiden names are not good passwords. Make sure the organization follows best practices for choosing strong passwords: between 8-14 characters long with a combination of lower and upper case letters, numbers, and a special character. However, remember not to make the password requirement too burdensome, or employees will write it down on a sticky note and paste it to their screens.
ShoreTel lightens the load of enforcing passwords—which are required before using ShoreTel Communicator and voicemail. Both user and administrator passwords must be changed when a worker first logs into the ShoreTel system. Passwords must meet the requirements set by the system administrator. ShoreTel also integrates with Active Directory, which makes it easier for users to sign-on to multiple applications with a single password.
- Use VPNs to protect remote workers. Many remote workers use the public Internet to connect to corporate headquarters. It’s key to secure this connection so that communications cannot be snooped.
- Perform regular security maintenance. Performing regular patching and keeping security protections up to date on both endpoints and the UC system itself is just good sense. Administrators can use the web-based ShoreTel Director to manage all voice applications from anywhere on the network.
- Review cloud providers’ security. When considering a cloud provider, pay close attention to the security at the data center. Find out about guaranteed uptime, backup and redundancy. Ask about intrusion prevention systems and firewalls, as well as authentication, encryption and compliance credentials. Cloud providers should be ready to provide a comprehensive overview of all aspects of their security strategy.
- Don’t ignore potential internal attacks. While cyberattacks gain the majority of attention, the biggest danger comes from within companies. Employees have access to an incredible amount of sensitive information, and they often store it on their laptops, tablets or smartphones. This confidential information can walk out the door when an employee or contractor quits, is fired or moves to another company. HR and IT must work together to understand potential insider threats and protect internal documents.