Subcontractors managing building automation and control systems can be a point of weakness for corporate security, say experts, who note that they may have too much access to corporate networks. One security firm found that it could “probably exploit” a building control system for Target’s Minneapolis headquarters after the company’s point-of-sale systems were hacked.
If this is the case, more security measures need to be taken. Data traffic moving to and from servers need to be monitored and building engineers need only be granted access to a few systems. Traffic going anywhere else needs to be flagged immediately. Companies need to be aware of the IP addresses used by subcontractors, and anything unrecognized needs to be blocked. Password management is also important. Last, but certainly not least, when employees leave a company, passwords need to be changed.
View the full Article at: csoonline.com.