Airport Business

APR 2013

The airport professional's source for airport industry news, articles, events, and careers.

Issue link: http://airportbusiness.epubxp.com/i/122648


cyber security

and Accountability Act of 1996 (better known as HIPAA). The U.S. Department of Health and Human Services Office for Civil Rights (OCR) may impose a penalty for failing to comply with privacy rules.

Safeguard Your Control Systems

Control systems are increasingly being targeted in cyber-attacks. Airports have a large number of control systems, from building management systems to utility systems to baggage systems. Ask the IT team if they have conducted an in-depth analysis on the security of the facility's control systems. You may wish to ask if the cyber-security of airport control systems is even managed by the IT team; historically, these systems have been operated by non-IT staff. As control systems became more sophisticated, Internet connections were added to provide off-site monitoring. In many cases, this change went unnoticed, and personnel without an IT background suddenly found themselves in charge of IT networks.

Manage Your Mobile Security

The growing popularity of mobile devices presents a new challenge in cyber-security. Smartphones, lightweight laptops and tablets are proliferating in large numbers and in a seemingly endless variety. Ask the IT team the following:

• Do we allow employees to use their own device (called BYOD), and what are our policies for ensuring that sensitive or confidential data is not leaked through loss of such devices?
• Have we established standards on what mobile devices may be allowed into our environment, and were those standards based on cybersecurity principles?
• What safeguards have we implemented to ensure mobile devices will not be access points for malware to enter the airport network?

Engage Your Employees

Your employees are your weakest link. No matter how effectively you secure your network, airport administrators still have to contend with end-users, who are often responsible for the biggest security breaches.

Many employees simply lack knowledge about good security practices. Airports need to develop an internal cyber-security policy and then educate end-users about this policy. Give special attention to users who work from home or on the road. Ask the personnel department, legal counsel and IT team if the airport has established needed policies to keep its IT assets safe. Everything from PC usage policies to standards of conduct must be adapted to the modern IT environment. The following are critical areas for review:

• Perform employee background checks. Many businesses are robbed by their own employees, underscoring the importance of hiring the right people from the get-go. A background check is not perfect, but it will eliminate candidates who have had problems in previous positions.
• Institute use policies. Be sure there are policies in place to help employees practice online safety and network security. A simple but effective password policy is critical. Do you have one? At times, identity theft or fraud can be unknowingly committed by an employee. Make sure employees follow policies and protect themselves and the company from virtual intruders.
• Separate duties for employees engaged in the airport's financial systems. A single employee should not have full authority over financial transactions. Assign several people to handle different aspects of each financial process. For example, one person might initiate purchase orders, another might handle the accounting for incoming purchases, and a third might prepare checks for payment.

Exercising the practical safeguards listed in this article can be the difference between staying cyber-safe and becoming tomorrow's headline news.
