Securing the data that can be accessed via Allied Cash's new Web-based user interface has been the most pressing security concern for company database administrator Christian Alvarez during the past several months.
"We've gone from dial-up connections to a broadband solution for employees accessing Allied Cash applications," Alvarez told InformationWeek. Now the company's nearly 500 employees in about 250 locations across the country have speedy access to the hosted applications that let the company offer customers cash advances against their paychecks. "This gives employees more ability to roam on the Internet," he said. And of course, more roaming means a greater exposure of Allied Cash's IT systems to the Web's more malicious elements.
These sorts of concerns are consistent with those expressed in InformationWeek Research's latest annual Global Information Security survey, conducted with consulting firm Accenture. Of the companies feeling more vulnerable to attack today, 70% cite the increased sophistication of threats, including SQL injections, while 58% worry about the growth in the number of ways to attack corporate networks, including wireless networks. About half of the U.S. respondents are concerned with the increased volume of attacks, while little more than one-third worry about the malicious intent of their peers using the Web.
To counteract these threats, Allied Cash uses SurfControl's WebDefense Web-filtering application, "which has different sites broken down by categories, like gaming sites or dating sites, that we have locked down," Alvarez said. "These are sites that could have malicious software on them and that employees shouldn't be using from work. We found that our users were going to non-work-related sites, and we were getting a lot of requests because their PCs were going down," Alvarez said. That's when the company decided to implement WebDefense.
With broadband access to the Internet, employees are more open to malicious Web content while they're using the Web to access software used to record customer transactions, including payment, marketing materials, and collection calls. "We deal with financial information about our customers, so you have to go beyond simple antivirus software for security," Alvarez said. "If employees are doing anything not work-related, they run the risk of downloading malware such as a keylogger that can be used to steal login information."
To control this, Allied Cash restricts access to its point-of-sale system by IP address at the network firewall, Alvarez said. The company allows users to access its applications only if they're coming from an approved IP address. "If someone tries to log into our site from an unauthorized IP address, they wouldn't be able to get in, even if they have a valid user name and password," he said.
Alvarez acknowledged that securing a business has gotten more complex as new offerings have hit the market. "People say security is complicated because of the different avenues they can take to protect themselves," he said. "But the best way for people to protect themselves is to start by limiting everything -- what you're going to allow out, and what you're going to allow in."