October 16, 2017

FTC’s “Stick With Security” #5: Segment Your Network And Monitor Who’s Trying To Get In And Out

Snell & Wilmer

+ Follow Contact

Send

Embed

On August 25, 2017, the FTC released its fifth “Stick with Security” principal, which focused on how companies can protect their virtual “entrances and exits” and make life harder for hackers.

The FTC believes that the kind of attention businesses maintain for their brick-and-mortar operations, such as alarm systems and key card access, should also be applied to computer systems. Two tips are offered:

Segment Your Network

The FTC defines segmenting a network as separating areas on a network that are “protected by firewalls configured to reject unnecessary traffic.” Even though technology gives companies the option to link all devices (computers, laptops, smartphones etc.) together, it may be prudent to create separation when sensitive data is involved. For example, the FTC recommends implementing a firewall to separate corporate website data from confidential client information. To help illustrate what not to do, the FTC offers two problematic scenarios. In one, a regional retail chain permits unrestricted data connectivity across its stores and a hacker detects a security lapse in one store’s network. Due to the lack of segmentation, the hacker is able to exploit the “one sesame” aspect of the company’s system and now has access to sensitive data. In another scenario, a company segments its network between sensitive and non-sensitive information, but undermines this firewall because the credentials to the sensitive side are accessible from the non-sensitive side. Again, the lack of segmentation creates a vulnerability.

Monitor Activity on Your Network

The same tools that warn companies about unauthorized network access attempts and installing malicious software can also be used to alert them when data is being “exfiltrated,” or transferred out of a system, in a suspicious way. If a company has tools that detect when confidential data is accessed outside a normal pattern and can alert IT to this, it is in a better position, for example, to catch a rogue employee in the act of stealing sensitive consumer information. When installing an intrusion detection system, ensure that it monitors both entry into networks and outgoing connections. Assign IT personnel to regularly check-in and oversee the system for anomalous patterns of activity on the network.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Snell & Wilmer

Contact + Follow

Sarah Anand

+ Follow

James Melendres

+ Follow

less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Increased visibility
Actionable analytics
Ongoing guidance

Learn More

Published In:

Brick-and-Mortar Stores

+ Follow

Confidential Information

+ Follow

Cybersecurity

+ Follow

Data Security

+ Follow

Federal Trade Commission (FTC)

+ Follow

Hackers

+ Follow

Malware

+ Follow

Network Security

+ Follow

Unauthorized Access

+ Follow

Websites

+ Follow

Antitrust & Trade Regulation

+ Follow

Communications & Media

+ Follow

Consumer Protection

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Snell & Wilmer on:

FTC’s “Stick With Security” #5: Segment Your Network And Monitor Who’s Trying To Get In And Out

Related Posts

Written by:

PUBLISH YOUR CONTENT ON JD SUPRA NOW

Published In:

Snell & Wilmer on:

"My best business intelligence, in one easy email…"