Locking down team communication can help control information


Communication is vital to managing every part of a business. In each communication within your company and between your company and external entities, you’re exchanging information. Some of that information might be simple pleasantries or general knowledge, but most or perhaps even all your communications will contain some proprietary, confidential or other critical information that needs to be kept secure.

Locking down the team’s communication system to control the flow, access and types of information exchanged is an important component of an organization’s security. Let’s explore why information locking is necessary, how it can be accomplished and what the benefits are of a restricted and secure communication system.

What does locking down a communication system mean?

Locking down your team communication system means restricting access so that only specific devices and users can reach it. Most large organizations use a hierarchical access structure. For example, the U.S. government uses confidential, secret and top secret as its access levels. Disclosure of confidential information could harm national security, disclosure of secret information might cause serious damage to national security, and disclosure of top-secret information may lead to grave harm to national security.

Your company’s confidential information might include customer addresses, names, dates of birth and order numbers. Your company’s equivalent of secret might include tax identification numbers, Social Security numbers, a list of candidates you’d never hire and a list of your business contracts or employee salaries. Your top-secret equivalent could be diagrams of how you produce your products, algorithms your organization uses for relationship management or proprietary technology.

Why locking down a communication system is important

Hackers and other nefarious entities know that every business has valuable information, and that information is exchanged in internal communications as well as in communications with prospective, current and past partners, employees, candidates and others. If someone gains access to your confidential information, your reputation, livelihood and trustworthiness are at risk.

Avoid common scams

Malicious individuals and groups want easy money. With the right coding skills, a nefarious entity can quickly gain access to an insecure communication system. Social engineering is a common method used by hackers to gain access to private communications networks. IP spoofing is also used by con artists.

Some other scams that could harm an open team communication system include network or distributed denial-of-service attacks, eavesdropping, man-in-the-middle attacks, transport protocol replay attacks and spim (spam sent over instant messaging). Locking outside users out of your communication system and implementing a clearance or access hierarchy decreases the likelihood of your company falling victim to these common scams.

Reduce the risk of hacking

A wide-open communication system might be convenient and engaging, but it’s also inviting and easy for hackers to infiltrate. When you lock down your team communication system and control the who, what, where, when and how of information exchange, you’re reducing the risk of hacking. If your company’s employees’ personnel files aren’t accessible through your instant messaging system, then they can’t get hacked as easily. By limiting access to cloud storage to those who absolutely need it, you’re lowering the risk of spoofing, spimming and social engineering attacks.

Prevent accidental data release

Not all misuse of data is purposeful or malicious. Accidents happen. Another reason to lock down your team communication system is to avoid an accidental release of confidential information. The finance, technology, research and healthcare industries handle confidential, proprietary and personally identifiable information, much of which is protected by law. Locking down a communication system lowers the risk of an accidental data release that could result in your business getting fined or being sued by the entity or individual whose information was accessed or shared.

Maintain compliance

If your company has government or university contracts, you may be required to maintain compliance with laws on information security, such as the Federal Information Security Management Act (FISMA) of 2002. Failure to comply with security standards could result in the loss of those contracts, fines and other penalties. For example, if you’re working on a NASA contract, you can’t use Zoom to discuss the project. This violates FISMA. Your employees can’t use their personal phones, tablets or other devices to send work-related communications about those contracts.

Methods of locking down a team communication system

You may already use one method to lock down your team communications, such as requiring multi-factor authentication or password changes every 90 days. However, there’s more to locking down a team’s communication system to control information in a structured way.

Take stock of information

Large companies might not realize what types of and how much confidential information they have, who uses it and how it is exchanged. Knowing what information you have, who needs it and why is the first step in locking down your communication system.

Scale down

Pare down to the essentials in your team communication network. Does the whole sales team need to be in the chat, or can the communication channel be pared down to just the sales managers? Each person should only have access to communication channels and information that is required for them to do their jobs. Locking the system down to just the essential users facilitates better information control.

Only keep what you need

Information hoarding won’t do your company any good. If you collect the data, you must protect it. Likewise, locking down your team communication system means that there must be a strong business case for retaining information and sending it to participants.

Authenticate users and devices

Do periodic reviews of who accesses what and why. As soon as a person changes teams, leaves your organization or takes a leave of absence, turn off their access to your communication system and files. Restrict external device access, including printers and copiers you rent from vendors, guests’ phones and internet-enabled lights, window shades and other devices. They’re all vulnerable to hacking through your communications system.
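The periodic review described above, together with the "Scale down" rule that each person only sees the channels their job requires, can be run as a script against an export of channel memberships. This is an added example, not part of the original article; the roster, channel names, status values and the use of the three clearance labels on people and channels are assumptions constructed for illustration.

```python
from dataclasses import dataclass
LEVELS = {"confidential": 1, "secret": 2, "top_secret": 3}  # lowest to highest

@dataclass(frozen=True)
class Person:
    user: str
    team: str
    status: str      # "active", "on_leave" or "left"
    clearance: str   # highest level this person may see

@dataclass(frozen=True)
class Channel:
    name: str
    team: str        # team the channel exists for
    level: str       # most sensitive information discussed in it
    members: tuple

def review_access(roster, channels):
    """Return sorted (channel, user, reason) tuples for memberships to revoke."""
    people = {p.user: p for p in roster}
    findings = []
    for ch in channels:
        for user in ch.members:
            p = people.get(user)
            if p is None:
                reason = "not on roster (external or orphaned account)"
            elif p.status != "active":
                reason = f"status is {p.status}"
            elif p.team != ch.team:
                reason = f"belongs to {p.team}, channel is for {ch.team}"
            elif LEVELS[p.clearance] < LEVELS[ch.level]:
                reason = f"clearance {p.clearance} is below {ch.level}"
            else:
                continue
            findings.append((ch.name, user, reason))
    return sorted(findings)

# Constructed sample data, not taken from any real system.
ROSTER = [
    Person("ana", "sales", "active", "secret"),
    Person("ben", "sales", "active", "confidential"),
    Person("cyd", "finance", "active", "secret"),   # moved from sales to finance
    Person("dee", "sales", "on_leave", "secret"),
    Person("eli", "sales", "left", "secret"),
]
CHANNELS = [
    Channel("sales-managers", "sales", "secret", ("ana", "ben", "cyd", "dee", "eli", "guest-tablet")),
    Channel("sales-general", "sales", "confidential", ("ana", "ben")),
]
```

Calling `review_access(ROSTER, CHANNELS)` on the sample data flags five memberships in the managers channel and none in the general channel; each finding carries the reason, so the revocation can be recorded alongside the review.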

Keep in mind that like other aspects of your business, communication needs and demands are fluid. Technology changes, and so will the threats that come from different types of communications. You’ll need to revisit your lockdown methods on a regular basis to keep your company’s information secure.

– DEP is a CFE Media and Technology content partner.



