GFI will be recruiting Software Developers, Web Developers, Software Testers, Technical Communicators, Security Researchers and Technical Support Representatives.

The GFI Careers Day will be held at the Radisson Blu Resort in St Julian’s on Saturday, April 16, 2011 from 9.30am to 4.00pm. You are encouraged to bring copies of your letter of application and CV. If you are applying for more than one position bring enough copies to cover each position. Interviews will be held that same day.

Following the very successful Job Fairs in 2006 and 2007, the GFI Careers Day will be an opportunity for anyone seeking a career in IT or looking for a challenging role in a dynamic company that offers stability, long-term growth and an emphasis on personal development and team building. Among other benefits including on-the-job training, opportunities to learn new skills and excellent remuneration packages, employees also benefit from life assurance and family health cover.

For more information about the GFI Career Day visit http://www.gfi.com/careersday.

All applications will be treated with the strictest confidence. GFI is an equal opportunity employer.

In brief, Cystic Fibrosis is a life threatening disease that attacks the lungs and pancreas; CF patients require constant daily medication and at present there is still no cure for the condition.

A number of Malta office employees joined the 2,000 Malta Marathon participants to show their solidarity towards CF. In less than four hours, they made their way along the 21km track and were awarded a medal for reaching the finish line.

Not only did these employees collect money and promote CF Trust a few weeks before the event, but the voluntary GFI charity fund committee added their donation to the funds raised.

The GFI employees are now looking forward to seeing their efforts help see off CF.

A number of Malta office employees chose to don their running shoes and do their bit for charity… and for the exercise, as they made their way along the 7km stretch to the capital city of Valletta! Participation required a small fee, which the voluntary GFI Charity Fund committee matched, thereby doubling the funds raised. A record total of 7,000 people participated in the fun run.

And now here are a few more GFI members to share their experiences as we strive to exceed expectations and aim to meet all our clients’ needs.

You can check out the first two instalments of this great campaign in Part 1 and Part 2.

Here’s another batch of lovely GFI people for you to get to know (click on the images to enlarge).

Here’s the second set of some of the GFI members… (click on the images to enlarge)

Check out our recent internal campaign where various GFI members shared their experiences about working at GFI as we strive to exceed expectations and aim to meet all our clients’ needs.

Over the coming weeks we’ll be posting more quotes, opinions and thoughts from various members of the GFI team from all over the globe so watch this space!

We’d like to introduce you to the following GFI members… (click on the images to enlarge)

These posters now adorn the walls of all GFI offices around the world.

]]> http://www.gfi.com/blog/exceeding-expectations-with-gfi/feed/ 0 http://www.gfi.com/blog/10-security-threats-organization-part-2/?utm_source=rss&utm_medium=rss&utm_campaign=10-security-threats-organization-part-2 http://www.gfi.com/blog/10-security-threats-organization-part-2/#comments Tue, 04 Aug 2009 14:37:34 +0000 Jesmond Darmanin http://www.gfi.com/blog/?p=760 When looking at the first five security threats that can hit an organization we dealt with the harmful effects of spam, viruses and malware and how monitoring your network and investing in patch management is an effective way of preventing such threats from attacking your network and infecting your machines. Not all threats are external, and not all of them are done maliciously; however, they still have a negative impact on the organization so it’s important to be aware of all the potential dangers that are present both outside, and even inside, an organization.

Lost emails

When a decision is taken that is communicated via email, that data is valuable information for an organization. Most emails are dealt with as they come into a user’s inbox and then filed away and forgotten, but sometimes there are unforeseen situations that require a specific email to be found again. Without a proper archiving system in place, finding that singular email can cost an organization thousands of dollars and require days of searching through logs, and often one doesn’t have days to spare. Nowadays, legislation requires that all organizations have an email archiving system in place where emails are stored systematically and can be easily retrieved should the need arise.  Email content can also prove useful for human resource cases if there is an internal dispute between colleagues as emails could hold information that is pertinent to the situation. Email archiving is not something to stay thinking about; it’s a solution that all organizations ought to implement, sooner rather than later because it can save you from an unwanted hassle and expense.

Data theft

The proliferation of USB sticks, iPods and other portable USB devices have made it increasingly convenient to store and transfer data from one machine to another. Whilst this can be very useful for people who need to continue working outside of their office, it also poses a security risk that is oftentimes overlooked. An organization’s data, especially when it comes to financial information, budgets and future goals, is an asset and if this sensitive data were to fall in the wrong hands there could be serious repercussions for the organization’s reputation as well as their confidentiality. And this is where the problem with portable USB devices comes in. It’s very easy to insert a USB device and surreptitiously copy confidential files onto a USB device – files that can be sold to a competitor for the right price. Employers might think that this scenario is far-fetched because they trust their employees; however, it has been known to happen and organizations have suffered the consequences due to the lack of foresight. In these unstable economic times where many people are getting laid off, the mood is gloomy, and disgruntled employees would not be averse to a quick buck if they feel that their job security is shaky. Endpoint security is becoming more common as employers recognize the risks involved and the simple solution that they need to prevent such risks.

Lost data

An organization’s data (including confidential files) is usually stored on the server or machine hard drives where people (with access privileges) can access these files to work on them. However, should their hard drive crash they run the risk of losing all the data that is stored and all the work that was put into those documents. Backing up data onto external hard drives or other hardware that is detached from the network or machine is the best way to protect your data as you will be able to restore all your files from your backup should a crash occur.

Time wasting

Internet access is available to most employees with the expectation that they use this resource for their work. Yet there are many distractions available on the web and whilst checking out the day’s headlines would not be regarded as a problem, if an employee were to spend an hour of his/her working day on social networking sites, chatting over IM or playing games, that would constitute a breach of work ethics. Employees need to have an Internet access policy in place that states what is and is not acceptable when it comes to Internet browsing. This is the first step to educating employees and most will follow it and not cause hassle, but there will always be someone who strays and if that person is found accessing inappropriate sites it could lead to disputes within the organization that could even escalate into a lawsuit; a situation that no organization wants to find itself in. The second step therefore would be to install web filtering software that can be set to block sites that are unacceptable in a working environment. Apart from monitoring websites, the software also filters all downloads to ensure that they are free of malware. In that way if someone is checking their personal email account and downloads an attachment that is infected, the web filtering software will not allow the download to complete.

Employees

Employees are part of an organization’s assets, yet, they are also their greatest liability when it comes to IT security. Many users are unaware of the threats that exist when they are connected to the network and subsequently to the Internet and nonchalantly browse various sites, click on links and download email attachments without a thought as to where it may lead them or what it may contain. Educating users about the risks involved when browsing the Internet and alerting them as to what they ought to look out for so as not to be duped into clicking fake links or downloading a virus is a basic, but extremely important, step for an organization’s security. By ensuring that your users are aware of the importance of security and its effects, will help them understand and respect any security software installed.

In the second part, I will be expanding a bit more on the importance of communication and how some common sense approaches to their implementation within the organization can make a difference.

KISS – keep it short and simple

Brevity is key to communication and if something can be said in a one-page document then do not write two or three. As much as the security manager may want to go into detail, remember that employees (and readers in general) have a short attention span; they will read the two first paragraphs and skip texts with language they find hard to understand.

Facilitate compliance

Security policies are there to be followed so security managers should not complicate procedures or the requirements if employees are going to find difficulty to comply. Put yourself in an employee’s shoes and ask: “Can I comply with this?” If you can’t, then don’t expect others to.

Hinder not

Employees have a job to do. They are paid to get work done, properly and within an established timeframe. Security policies should strengthen security without hindering their job. Policies, when possible, should be integrated into business processes, otherwise employees will find ways around them to do their job. If an employee has to choose between doing a good job and complying with a security policy, that employee will choose the former – no matter what.

Big Brother is looking

If employees only see security policies as an attempt by the IT department to police their activity, then the whole scope of those policies is defeated. Through a constructive approach to security and what is acceptable user activity, security managers can integrate these policies into the corporate understanding of security, data security and an improved all-round working experience. If the ‘security is there to secure your activity at work’ message gets through, then security policies will be seen as a contributing factor and not another Big Brother exercise initiated by the IT department and supported by management.

Set an example

If security policies are going to be implemented, make sure that they are applied to everyone in the organization. If a policy states that only authorized personnel can access the server room, the directors or the CEO – who have no reason to be there anyway – should not be given access. When lower grade employees see that management has to follow the same rules, there will be a greater chance they will comply with the policies.

Cater for different groups

Policies should be adopted and designed to target different groups of users. Whilst retaining the same message, security policies often need to be presented in a different format to users.

Regular updates

Security is not a static process and policies may need to be changed or amended over time. Any changes and newly implemented policies need to be communicated to employees on a regular basis. This could either occur through the organization’s annual training program or via the corporate newsletter. For smaller organizations, an email should be sufficient.

Are they manageable?

How many policies do employees have to comply with? Ten, 20 or more? The more security policies an organization tries to implement, the greater the risk that some of them (if not all) will be ignored. Reducing the number to say a dozen or less and applying them properly will make it easier for users to comply with (and bother to read them).

IT security policies are indispensable for an organization. They give structure to the organization’s efforts to secure data and help to instill a strong of sense of responsibility among the workforce. A proper security policy creation process coupled with an employee awareness program will dispel any negative ideas employees may have, allow the organization to function at a more productive level and reduce the possibilities of disruption and damage to a minimum.

The same, however, cannot be said of another set of rules that most IT departments create for the organization. These rules, or as they are better known, security policies, are the foundation of effective information security, yet they are among the most resisted by employees.

Security policies are seen to interfere with the job; they are nothing but an affront to their intelligence; hindering their workflow and a clear message that they are not trusted. Not surprisingly, new policies are often met with strong opposition by employees who believe they are responsible enough to protect corporate information without the security manager’s ‘this-is-how-it’s-done’ dogma.

Once again we come across this disconnect between employees and those responsible for IT and security in an organization. As I wrote in an earlier post, a different ‘language’ is often spoken and security policies are written in language that does not properly explain the reason for that policy in the first place. Add in a few choice words that make the security manager look like a real ‘meanie’ and you have the perfect recipe for non-compliance.

Another reason why security policies are resisted or ignored is that they are often imposed and those affected are not given the opportunity to participate in the policy creation process. I am not suggesting that employees have a say in how the policies are designed but security managers would find it easier to create policies if they had a better understanding of organizational structure and HOW employees react to policies. For example, running a short survey through the HR department will reveal whether employees know that there are security policies in place; what they are, where they are and are they accessible; whether they have read them and do they understand the policies.

Security policies are only successful if employees understand and regularly observe the procedures and for this to happen these policies have to be clearly communicated. They need to understand why they are being asked to comply with security policies and that their contribution (through understanding and acceptance) is key to the organization implementing a successful and effective information security exercise.

Security managers need to look beyond technology and understand the complex nature of human behavior. Managing security is as much about technology as it is people management. This is the major challenge.