At the job interview the internet is asked: "what are your best and worst qualities", it would have to answer (if it was being honest):
"I can get you any information that you want" as its greatest strength,
"I can give anyone your information if they want it" as its biggest weakness.
With tools like Facebook, Chrome OS and Dropbox (other clouds are available), internet users are comfortable putting their personal information online. They see those 'cloud services' as an extension of their personal space. They trust the cloud to look after their information and keep it safe from prying eyes. But what is the cloud? Where is Facebook, or icloud, or dropbox, or even GOSS iCM?
The answer is, in a server. A server is a computer just like the one you're reading this on. However, if it's connected to the internet, it's vulnerable and so is the information it contains. The simplest way of keeping your content from escaping is to not put it online. But in the world of the cloud, that's not always desirable or possible.
Keeping online information secure
If you are running a website you have to put information online, but how do you ensure the right people see the right content? With GOSS iCM there are tools to help you secure your content and GOSS websites will allow you to share the information you want to, and more importantly, safeguard the content you don't.
It's not enough just to have the tools in place; they need to be used wisely to protect your organisation and your customers. Administrators have the tools to look after personal data so should understand how these work.
Managing website users
Make sure your website groups are set up to only allow users access to the information they 'need to know'. In GOSS iCM any content like pages or images and videos can be secured to groups. Groups can contain a single person, multiple people or even other groups. This gives administrators granular control of your content. Page security is managed using the security tab in GOSS iCM. This FAQ explains how.
Security best practice
There's a lot of advice out there as to how website end users can keep safe online, but users won't all follow it all the time. Consider adding a security advice article on your login page;
Remember that it is a website administrator's duty to ensure your customers' information is kept safe. Your customers will trust you to do so, without thinking about it. So you need to think for them.
Train and educate your staff to protect themselves and others:
The hardest thing about keeping content safe is that it needs to be seen by the people who should be able to see it, and they want it to be easy to find. Allowing staff to choose their own usernames means that john.smith@company.co.uk's account is going to be a lot harder to hack if his username is 'Wizzard1967'.
GOSS iCM allows users to choose their own passwords too, so set GOSS iCM to force users to change their passwords regularly.
GOSS iCM can, and should, be configured to refuse your web editors use of most commonly used passwords and contain non-letter characters, or numbers, or be a certain length.
Test your system, then test it again
If you don't run Payment Card Industry (PCI) tests also know as Penetration test or Pen test for short on a regular basis, you should consider revising your procedures to include these. Pen tests simulate an attack from outsiders, and can show weak points in your system configuration. When GOSS clients run pen tests the results are taken very seriously and GOSS will give any issues raised in pen testing a high priority to keep your site, your GOSS iCM, and your customers safe.
Job success
So does the internet get the job? Well you need to understand the internet and maximise the tools available. Work with the internet to take control of the powerful security features in GOSS iCM to ensure that your personal data, company data and customer data is protected.
Posted by Aerynne Russell 15th December 2011
