Categories
Blog Device Control File Server Security Insider threats

Insider Threat Prevention Using a File Server in an SMB (Small & Medium Business)

One possible alternative for resolving data security and management issues in a distributed data environment is the VDI (Virtual Desktop Infrastructure). In a VDI environment, the insiders’ PC functions as a terminal with which to work with data stored on servers. Insiders’ PCs don’t have any data stored on them, thus providing a significantly enhanced level of information security for enterprises. System administrators can focus on server management, while insiders are responsible for managing what happens on their own PCs.

However, the VDI environment is quite unlike the typical PC environment, and being so unfamiliar to most of us, we would likely need the help of VDI specialists to introduce and manage it. Furthermore, a VDI environment costs about twice as much as a standard PC environment because the software licenses for servers which are not required in PC environments can be quite pricey. Consequently, many companies, especially SMBs, are often reluctant to introduce VDIs despite their obvious advantages in terms of information security and management.

A file server solution represents a reasonable alternative to a VDI. In this solution, all corporate data is stored on a file server, and an administrator focuses on the server to enhance the level of security and to facilitate asset and data management. With all corporate data now stored on the file server, all activity log files from creation to deletion can be gathered quickly, and individual access authority can be managed collectively. Moreover, if the file server has a backup system, data loss due to inadvertent or malicious deletion by insiders can be prevented. Ransomware attacks can also be prevented through the use of whitelisted corporate applications. Of course, the file server should be encrypted and equipped with antivirus to prevent attacks from outside, too.

All file activities should be executed on the server, and all users should be restricted from copying and network transferring a file to outside the file server, thus preventing data leakage. A watermark or print prohibition feature could be useful in preventing data leaks through printing. If a file server is equipped with such DRM features, it can effectively prevent insider threats. In sum, there is a range of data and network security features available with a file server solution, thus negating the need for a VDI.

Categories
Blog Device Control USB Sescurity

3 Ways to Prevent a Virus Infection in an Industrial System

Information security on an industrial system is more important than that on a PC. If an industrial computer for manufacturing automation stops due to a virus infection, it could shut the whole factory down. Therefore, an industrial computer should generally be isolated from the internet to prevent outside attacks or virus infections. Software upgrades for the computer should be performed using USB memory drives. A user downloads the software from the internet onto the USB memory stick using their own personal computer, and then inserts the USB memory stick into the USB port of the industrial computer to be upgraded. Thus, the industrial system must have a USB port.

Ironically, virus infections on industrial computers typically occur during software upgrades using USB memory sticks. A user downloads the upgrade software onto the USB memory stick, which is already infected by the virus. After the user inserts the USB memory stick into the industrial computer and executes the upgrade file, the industrial computer will become infected by the virus from the USB memory stick. Virus protection is fruitless in the industrial system because the system is isolated from the internet; In other words, if you install virus vaccine in the industrial system, the vaccine will become useless as time passes since it cannot be updated regularly without the internet.

However, it is difficult to find reasonable and cost-effective solutions to prevent this kind of security incident, although many people think that any virus infection in an industrial system, such as a plant, factory, or hospital, could cause a catastrophic disaster. There are three simple ways to prevent virus infections in an industrial computer using Secudrive products.

First, the USB memory drive for the industrial system should be secure and virus free. Secudrive USB Basic has a hardware-based encryption function and is equipped with Trend Micro USB Security 2.1, a commercial virus protection program, so that the system can be free from virus infections and malicious attacks through the USB memory drive, as well as any data leakage.

Second, the USB port of the industrial system should be controlled to allow employees to use only a secure USB. Secudrive Device Control Basic is a standalone type of USB port control solution that allows administrators to monitor and enable or disable various ports and devices on a PC. After installing this on an industrial computer, only Secudrive USB Basic can be used on the computer. 

 

Finally, the office environment should also be securely managed. If Secudrive USB Management Server (UMS) is used in the office network to restrict employees to use only Secudrive USB, then virus infections could be prevented on the office computers. Furthermore, the data cannot be leaked or stolen even if an employee loses the USB memory stick because administrators can remotely manage the USBs.