I thought about titling this piece “Puppies and Kittens,” since that would likely garner more interest than the topic of security.
But while it may not be the most exciting to discuss, company security should be one of the most important topics when it comes to your business.
Consider these statistics:
- Only 47% of the entire Internet traffic is driven by human beings. The rest of the traffic is automation with the vast majority related to malicious activities like viruses, botnets and malware, etc.
- MotherG’s own studies find that more than 75% of organizations assessed have inadequate malware protection.
- More than two-thirds of assessed companies have ineffective or malfunctioning backup systems.
- Only 22 percent of companies have a plan in place to deal with major cyber security incidents, according to a survey from KPMG and British Telecom.
- Multiple sources note that 60 percent of all online attacks in 2015 targeted small and midsize businesses.
So what can be done? You need to put more emphasis on sound security policies. We’ve outlined the 7 common areas to address security holes
1. GATEWAY SECURITY
This is often referred to as your firewall. While these don’t break often, they do get old and lose their effectiveness.
- Consider a replacement cycle of every 3 years: Newer threats demand newer engines to perform at acceptable levels.
- Enable penetration detection on the device: This will let alert you if someone is trying to break in.
- Ensure the gateway virus protection is enabled and current: We recommend weekly or daily updating.
- Employ GEO-IP-filtering: There is a strong uptick in foreign corporate espionage; consider preventing risky locations from entering the gateway device.
- Use a Botnet-filter: This essentially checks ingoing and outgoing connections for known bad IP addresses and domain names. If detected, the firewall will automatically log the activity or drop the connection altogether.
- Update your device’s firmware: New firmware is released to combat known security problems and bugs. Consider a managed firewall solution to have your IT partner do this for you.
2. MALWARE PROTECTION
- Install both antivirus and malware: Every computer on your network must be protected against spyware as much as viruses (including most servers).
- Have malware centrally managed: You need to ensure every device has the software installed and is getting updated regularly. The central management console helps report on this -- but this needs to be monitored by professionals.
- Conduct full scans weekly: Do not rely solely on the filters to keep the machines clean. We recommend weekly scans to interrogate the system to ensure it is OK.
3. SPAM PROTECTION OUTSIDE YOUR NETWORK
Spam is the most common delivery mechanism for threats that may be introduced to your network. Fight it.
- Use Cloud Service. Filter all your email outside your network. Given that over 90% of email traffic is spam, cleaning your messages before it hits the network will save on bandwidth and reduce your network traffic.
4. REINFORCE YOUR BACKUPS
In the event of a successful attack, many times your last hope will be recovering your system(s) from the last successful backup. Be sure your backups are comprehensive and working.
- Validate all server backups. Client audits have repeatedly shown that backups that were thought to be working properly were frequently flawed and failing. Additionally, many were not comprehensive backups of the entire system.
- Consider higher frequencies. Rather than just one daily backup, consider 3-6 backups every day. This reduces lost work in case of a problem.
- Backup Executive PC’s. For your high value workers, consider backing up their personal computer. Many times there are files that have not been copied to a server.
5. LOCKUP THE WIFI
With the proliferation of mobile devices you will have lots of network traffic that is outside your control.
- Offer two separate systems: Limit who has access and consider a private and guest network for your employees and guests.
6. SOUND TECHNOLOGY MANAGEMENT
Even with good tools and technology, you need to manage the computer network effectively.
- Patch management: Patches plug holes and kill the bugs that allow threats to enter operating systems.
- Insist on strong passwords: Complex is best. Hacking tools can typically break over 75% of passwords in under one minute. Make is harder for them.
7. BUSINESS POLICIES.
To augment the above tech practices, implement security-oriented business practices.
- Pen-Test annually. Hire a firm to perform a penetration test of your network annually and remediate identified issues immediately.
- Limit user and admin rights: Controlling rights limits the ability for the user and any one spoofing the user from potentially opening holes in the network.
- Create Acceptable Use Policies: These give you legal authorization to limit, control and prosecute violations actions on your network.
- Filter external sites: Consider limiting users to what is needed for their job; let employees browse on their mobile device not connected to your wireless network.
- Educate users. While not malicious in how they introduce threats, they may be doing so without knowing it. Educate them on the common threats, avoidance techniques and what is OK and not OK in the course of doing their job.
Addressing poorly managed security technology and practices can be essential to your business surviving an attack.
The computer and internet world is getting more dangerous every day. Fight that with good security to reduce the areas of risk and to make it more difficult to crack what must remain open.
In return, you and your company will benefit from saved money and time, peace of mind, less downtime, more productivity and less risk.