Security done right
It’s common sense to enhance security by not sharing which security measures were taken. So, without disclosing details, this case is exemplary for the way Global Screen handles information security for our clients.
Better safe than sorry. We all know about that. In this case, the clients specifically requested not to be mentioned or even referred to in any way. No names, no type of business, no locations, no nothing. Of course, we totally respect that. We present this case in this manner because we think it still gives you a pretty good idea of how we take care of information security in general.
What we did
Technical and user security review
Simulate digital attack
Test physical security on location
Secure weak spots
Securing data without interrupting daily business
The client has a number of systems which are critical for company operations. They asked us to take a very good and critical look at their security measures and to do everything we could to make sure the systems that are crucial for generating income are as safe as possible, without disrupting their daily business and while still maintaining a workable environment.
We approached this from the inside out. First we needed to know a number of things. Which systems have to keep running? What does the whole information structure look like? How do various subsystems communicate with each other? What are the current security measures? Which persons have access and how? In short, we reviewed everything that can be a threat to information security, from software code to user access to people who can enter the building and the devices they are allowed to bring with them.
Our next step: make an overview of all weak points and secure them as soon as possible, by changing or adding code, installing firewalls, changing relevant protocols, etc. All this without disrupting their daily business by shutting off essential company systems.
Social media are of course part of our security review, because some people inadvertently share more information in their posts than they intend. In this case, we spotted an employee who often posted updates that gave away his location. That made him more vulnerable to physical threats. Yes, sometimes information security is that serious.
Subsequently, we performed penetration tests: simulated digital attacks in which we try to gain unauthorised access in every way we can think of.
We also did physical tests. In this case, we tried entering a company building without authorization, carrying a simple USB stick to find out if we could plug it into a networked computer. Attempting unauthorised Wi-Fi access was also part of the test. To be clear on this: if our faces are too well-known at the client location, we’ll send an undercover investigator instead of one of our own staff.
The result of our information security review and tests: a client that feels much more secure, knowing we rigorously reviewed and tested existing measures on technical and user levels, and secured every weak spot we could find.
One little secret we are willing to share concerns information security in general: some clients are aware that their security measures should be thoroughly checked more often. They often simply lack the time to do so. But in the end, it’s like the saying goes: prevention is better than cure.
You may wonder if we don’t have an unfair head start by first reviewing security measures and then testing the system by trying to break in. Well, in the case of information security, there is no such thing as an unfair head start. Malicious hackers also do research before trying to break into a secured