The risk of using tools outside the control of the Company

by Laycos International

The misuse of tools in our work environment is a danger that lurks around the corner. Today, heterogeneous applications coexist with social networks of diverse purposes. They are usually of an internal nature, but increasingly due to the phenomenon of cloud computing, they are either located on dedicated servers or virtualized cloud environments.

Why should we worry?

The biggest concern for IT departments is the inappropriate use of outsourced enterprise tools.

A controlled and secure environment where the applications are executed facilitates the minimization of possible impacts caused by some of the following reasons:

  • Denials of Services in the application
  • Non-availability of the Service due to a hardware error
  • Unauthorized changes to the application
  • Information theft

What happens when we handle sensitive data? What happens to those handled in a Human Resources department? In applications for the management of personnel and all their control should be a high level of security, due to the sensitivity of the data and the applicable jurisdiction, in this case, the Organic Law of Data Protection, applying the measures of high level, among which stand:

  • Encrypted transmission of information over telecommunications networks
  • Access Control and Logging
  • Keeping track of incidents
  • Unambiguous identification of users

Facebook, WhatsApp… Are they really safe as social networks?

Important companies make use of social networks to communicate with their customers like Facebook, Twitter or Whatsapp, but is this practice a 100% safe? Given the sensitivity of the data being handled, it would be logical not to use this type of social networks mentioned above. Instead, it is advisable to use collaborative work tools that include various management tools within a trust and security environment, where employees, external advisors, and clients coexist.

What to choose the right security?

The main reason to value the acquisition of an application is the confidence and robustness of the security that surrounds it.

But, what criteria can we define to be able to choose one application or another? The following criteria help us select the application that best ensures the communications and information of the company.

Password Policy

Passwords generated within the application must have the following complexity:

  • At least 8 characters
  • Capital letters
  • Lowercase
  • Numbers
  • Special characters: (¨{ }@

Secure environment (SSL)

Whether during the authentication phase or the transmission of information between the client and the application, encryption will be performed using secure SSL protocol, with a robust encryption of 4096 bytes, ensuring that the information Traveling through the telecommunications network is not intercepted by third parties.

Audit logs

It is important to have monitored who, how and when you have accessed the application, as well as protection for attack cases and/or failure to know what happened at all times.

Privacy

The user controls his own privacy, being able to change the privacy levels within the application. Security is the key.

Safety is an important factor in companies because of the threats that exist putting our daily work in danger. We must rely on communities where security is one of the main values, otherwise, the idea of work may be hampered by difficulties, our workplace could be exposed and endanger the integrity, together with the availability of information we handle our safety.

As you can see we take safety very serious, do you?