Before we dive into the topic of network security, I want to be clear that this article DOES contain spoilers for the 1992 film, The Bodyguard. If you’ve never seen the movie or if it’s faded from memory, worry not, I’ll fill you in.
So here’s the synopsis for The Bodyguard lifted from IMDb:
Best-selling pop diva Rachel Marron (Whitney Houston) has a stalker whose obsession has risen to the level of disturbing threats. At the urging of her manager (Gary Kemp), Rachel hires former secret service agent Frank Farmer (Kevin Costner) as her bodyguard. Initially resented and treated with disdain for his hard-nosed security procedures, Farmer soon becomes an integral part of Rachel’s inner circle. As they spend more time together, client and protector become closer still.
Do I still have you? Great!
When we meet Rachel, she is just crushing it in her career. Not unlike your business! She has her people; assistants, producers, and handlers. Employees and Staff. She even has a security detail. Your IT Department. Her compound, That could be a brick and mortar facility or even an online presence, is surrounded by a wall and driveway that is protected with a gate and features a telephone intercom system. Hardware or Software based Firewall. On the surface, Rachel and her people seem to be secure.
But soon we learn that there had recently been a security breach. A stalker had made it onto the compound and into Rachel’s home. A Hacker! Rachel, Your organization’s Data or Intellectual Property, was in grave danger. Recognizing that the security team was unable to thwart this stalker, the head of security, The IT Department Manager, calls in seasoned security agent, Frank Farmer. Velocity Network has been securing business data for decades.
Frank arrives on the scene and wastes no time assessing Rachel’s security. A Complete Network Security Audit. Among the things he noted: Trees and shrubs were allowed to grow against the property wall which could provide a shady means for an intruder to gain access. Outdated Firewall, easily guessed passwords, etc. The gate was in place, but the intercom was barely functional; visitors were buzzed in without question. No VPN was in place for outside network access and no Multi-Factor Authentication. The security team was too comfortable in their traditional way of doing things and didn’t want to disrupt Rachels workflow. Established practices and a history of not having any security breaches lull people into false security. Visitors were not logged and monitored on the property grounds. Data breaches can happen from someone you let into your facility.
Frank, with the cooperation of Rachel’s security team, began implementing changes based on his assessment. VNET frequently partners with your IT department to make your network safer. While his recommendations and procedures were viewed as an inconvenience to Rachel and her team, Farmer assured them that it all is in the interest of her survival. Two-Factor Authentication am I right?
At one point in the film, Frank leads Rachel’s limo driver through a stunt driving training montage. The payoff for this arrived a few scenes later where this same driver was able to skillfully whisk Rachel away from crowds of savage fans at a club. Training in new and improved methods of data security enables your staff to flee potential security vulnerabilities.
In the end, the stalker was not able to infiltrate the security measures that Frank had implemented. Many hackers may be thwarted by taking obvious precautions. However, the most significant twist in this movie is that the stalker was merely the McGuffin. The real threat to Rachel, your organization’s Data or Intellectual Property, was from within her inner circle. An employee, CEO, CFO, etc. in your network. Her own sister was responsible for opening a door for an assassin to come after her. Note: In this case Rachel’s sister was jealous and vindictive. Most employee caused breaches happen innocently.
Today, some of the most famous breaches of sensitive and vital data have been the result of users falling victim to phishing schemes that with some best practices procedures, training, and monitoring, could have been avoided.
So let me leave you with a few questions to ponder. Are your users trained to stay on their toes to keep security top of mind? Are you prepared to handle the latest security threats? Is your organization meeting all of its compliance requirements? If you can NOT answer a resounding YES to all of these, we want to encourage you to attend our FREE 2019 VNET Security Summit on August 28th. Hope to see you there!