Page 126 - Cyber Defense eMagazine August 2024
P. 126

A modern  application  uses many  external  resources  that requires  credentials.  A company  has  people
            spread  over  in  the  premises,  working  remotely,  using  cloud  storage,  USB  devices,  etc.  any  leak  of
            credentials or passwords can cost company dearly. Today’s hyper connected systems bring an immense
            challenge  to security  in general and secret  management  in particular  since  the use of credentials  has
            increased exponentially.



            So, how should you store such data?


            All the sensitive data must be encrypted. It shouldn’t be just lying around. It must not be stored in plaintext
            in any location.

            Some points to be kept in mind:


               •  Control who in your team can do what.
               •  Share secrets with those team members only who need them.
               •  Control which application can do what.
               •  Monitor and audit secrets usage.
               •  Revoke access when team members leave.

            Security  Management  consists  of  nurturing  a  security-conscious  organizational  culture,  developing
            tangible procedures to support security and managing the myriad of pieces that make up the system. An
            effective system security depends on creating workplace environment and organizational structure where
            management understands, fully supports security efforts and users are encouraged to exercise caution.



            Certain points to be kept in mind:

               •  Staff must be made aware that protecting or safeguarding the secret is the responsibility of each
                   employee having access to the sensitive information. Their awareness should be increased and
                   also proper training must be provided.
               •  File Sharing is common in businesses but it must be done securely to protect sensitive data.
                          -   Encourage employees to send and receive files via email only
                          -   Use a security system that gives optimal security-appropriate  visibility-access con-
                              trol-compliance system
            Software  to safeguard  and monitor  each activity must be installed  that will protect the organization  not
            only from internal threat but also from cyberattacks



               Some risks of File Sharing

                   ➢  Release of Sensitive Data – When file is transferred from one end to another then there is a
                       risk of an unknown person/party getting access to the information.
                   ➢  Opportunity for attacks – When files are shared, there is a possibility of secrets falling into
                       the hands of unknown who become the reason for attacks




            Cyber Defense eMagazine – August 2024 Edition                                                                                                                                                                                                          126
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   121   122   123   124   125   126   127   128   129   130   131