With hackers combing the Internet for personal information and organized groups literally holding data hostage, you need a dynamic security plan that can adjust and address every new threat as they come on the scene. Here are 7 ways to protect your network:
1. Take a layered approach to security.
Some call it layered security, others call it defense in depth; whatever you call it, just make sure that you use it. Choosing the correct layers, of course, is paramount. Think of it as being a risk mitigation construction, applying multiple layers of control across the depths of your IT environment.
Doing this will not guarantee attack prevention, but it will slow down intruders. Done properly, a layered approach to security will buy you time — the time you need to respond effectively to any attack and prevent a potential breach. In other words, it makes your business harder to hack.
2. Network visibility leads to proactive protection.
There is a lot of talk about proactive IT today, as there should be. Network visibility enables you to scan all the things, count all the things on your network and apply policies accordingly. Security event monitoring of this kind can actually be very cost effective, especially when compared to the alternative. By providing proactive maintenance and thus meaningful analysis, you can protect your infrastructure and the data within it. Such network visibility helps you fight off the bad guys by spotting them almost before they get started.
Knowing what’s connected to your network is a big component of the visibility layer. Remember, the more Internet-facing devices there are on your network, the greater the opportunity for compromise.
3. Web protection should be policy-driven.
Web protection is another essential layer of security, providing a window into controlling, monitoring, and enforcing client web policies through a single front end. In fact, web protection is best thought of as being a policy-driven approach to security. Multiple devices can then point to a central policy that can be edited and scaled to suit a range of such devices rather than having device-level settings across the board.
Doing this enables you to apply website filtering by time or content to protect your employees from accessing harmful sites, perform bandwidth checks to prevent network throttling, and much more.
4. Patch Management.
You can scan for attack patterns and apply all the policies you want, but with new vulnerabilities being exposed regularly you will be hard-pressed to keep up with them all.
Although patch management isn’t a quick fix and won’t prevent zero-day exploits or unpatched vulnerabilities, it will help you keep up with the bad guys.
A good practice on top of this is to subscribe to vendor notifications, keep an eye on security news sites, and patch as soon as it’s safe to do so. But patching for the sake of patching isn’t going to do it. You need to know which patches are available and which ones are stable. Throwing an unstable patch at your live working environment without testing could do more damage to the business than the exploit it’s trying to prevent.
5. Encrypt what needs encrypting.
The problem with data encryption is that it's almost always seen as being a step too far — far too complex, far too expensive, far too much. The truth is that you're usually better off encrypting only the data that is most valuable to your organization. Data that is encrypted strongly enough will be beyond the abilities of most hackers. And it’s not difficult to do this; be sure to check out the following:
6. Authenticate, authenticate.
Authentication refers to the use of password managers and multifactor authentication. Strong passwords should be a no-brainer. But when you throw multiple secure passwords it can be difficult to manage. This is where enterprise, business-grade password managers come in to play. LastPass is an example; it’s not free but prices are affordable. A tool like this one allows you to manage a password policy from the cloud and generate truly secure passwords at the touch of a button. Even that, though, is not enough. You should add multifactor authentication into the mix as well. Whatever the added security layer, 2FA should be a baseline for any mature authentication policy.
7. Remove Files Securely.
Secure file deletion is the last item on our list of suggested layers, and it’s often the last thing on the mind of otherwise security-savvy folk. After all, if you’re removing something from the data equation it’s no longer a security problem, right? Wrong! Hitting delete doesn’t delete data securely, and nor does formatting a drive for that matter. It is forensically possible to retrieve data very easily, very quickly, and very cheaply.
At the very least encrypt your data then use secure deletion tools, such as eraser, on individual files and folders. It overwrites drive space with a series of 35 random patterns. It’s a free tool and towards the bottom of the paranoia-delete scale, but coupled with encryption is a good way to go.
These are just some of the various ways you can secure your data, your network and your business. For more ways to protect your network, check out the full list of features offered with our ITSecure and ITSecure+ offerings.
If you’re unsure if your security plan is sufficient, contact IT Solutions today. We can provide recommendations to help improve your network protection.