By David Kelleher, Communications and Research Analyst, GFI Software.
2009 may have been the year of “flying by the seat of your pants” security policies, but 2010 can be a safer year if you follow a few simple steps.
1. Limit access to those who need it
In SMBs, most people tend to be given full privileges and access to the network and to devices that they do not need to do their job. Taking such liberties with security is asking for trouble: whilst it is likely that your boss’s recruitment skills are top notch and that honest, trustworthy people were in fact employed, as the IT administrator responsible for the organization’s network security you do not want to take that risk, just in case.
2. Control the use of portable devices on the network
Endpoint security is another issue that is based on too much trust. Insider threats can often be the most harmful and the least likely to be protected against, merely because employees and management in an SMB tend to have high levels of trust towards each other. Network activity should be monitored and the use of portable devices on the network such as iPods and USB sticks should be forbidden as it is too easy for a disgruntled employee to steal confidential data without being noticed.
3. Limit Internet browsing
End users often fail to realize the threats that they can be exposed to on the Internet so it’s best to nip the problem in the bud and limit their browsing capabilities so as not to allow viruses and other threats to infiltrate the network. The problems lie mainly with peer to peer sites and social networking sites such as Facebook whereby malicious links can be sent from a ‘friend’s’ hacked account without one realizing that the link leads to a harmful website that could download malware or some other threat onto the user’s machine and then spread onto the network.
4. Carry out regular audits on the network
Monitoring event logs and carrying out regular audits provides you with important information about the network and is therefore a beneficial task; unfortunately this undertaking is also very tedious and time-consuming. However when it comes to network security this is definitely a step that should not be skipped because of the crucial data that it provides. Regular audits let you know what materials are available on the network whilst log analysis allows you to better understand the way that resources are being used and how to improve the management of these resources.
5. Ensure that systems are secure before connecting them to the Internet
Whilst any computer can be taken out of the box and connected directly to the Internet, doing so is a major security blunder. Before any computer is connected to an Ethernet cable or telephone line, anti-virus and anti-spam software must be installed, as well as a program that prevents malicious software from being installed. Once these security features are installed and the machine is hooked up to the Internet, it is critical that they are kept updated at all times to ensure protection from malware and viruses. Operating systems are prone to security holes and once a flaw is detected it is usually exploited within a short time frame. Up-to-date security scanners ensure that the latest malicious software is detected immediately so that the appropriate patches can then be downloaded.
6. Eliminate default accounts/passwords
This is a basic but very common mistake that is preyed upon by hackers. If the default account name and password are left on test systems, hackers can very easily infiltrate the network and take over. Names and passwords should be changed immediately upon connection to the network to avoid hacking.
7. Always authenticate callers
Authenticating callers might seem like a redundant process for administrators when they can recognize the voice of the caller; however, giving out password changes or other confidential information over the phone without following a proper authentication process could lead to security problems that often cannot be traced back to their point of origin and are thus all the harder to detect and deal with.
8. Maintain and test backups
Failing to maintain backups of the system is practically unheard of among IT administrators, but actually testing the backups and confirming that your disaster recovery plan works is another issue. Firstly, proper backups must be created on a regular basis and kept in a safe place off site. If this step is being done, then the next thing is to ensure that the backups work in case of an emergency. Backups that don’t work are of no use and the work that went into creating them has effectively been a waste of time. Having proper backups is a lot easier and cheaper than creating the data from scratch.
9. Test your disaster recovery plan
Your disaster recovery plan is probably a work of art in theory and looks great all planned out on paper filed away in your disaster recovery folder, but how does it work in practice? Have you actually simulated a disaster situation where your backups need to be used in order to get your systems back up and running so that work can continue and loss of revenue is kept to a minimum? Planning such a simulation to ensure that the organization can get back on its feet using backups should an emergency occur is a critical step in security. A disaster recovery plan that fails when put into practice is just another disaster!
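A restore test of the kind steps 8 and 9 call for, as an added example that is not part of the original article: it records SHA-256 digests at backup time, restores the archive into a scratch directory and reports files that are missing or altered. The function names, the tar.gz format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def manifest(root: Path) -> dict:
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def make_backup(source: Path, archive: Path) -> dict:
    """Archive source as tar.gz; return the manifest recorded at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        for child in sorted(source.iterdir()):
            tar.add(child, arcname=child.name)
    return manifest(source)

def restore_test(archive: Path, expected: dict) -> dict:
    """Restore into a scratch directory and compare with the recorded manifest."""
    report = {"missing": [], "corrupt": [], "unexpected": [], "error": ""}
    # Use tarfile's safe extraction filter where this Python version has it.
    opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    try:
        with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive, "r:gz") as tar:
            tar.extractall(scratch, **opts)
            restored = manifest(Path(scratch))
    except (tarfile.TarError, EOFError, OSError) as exc:
        report["error"] = f"archive unreadable: {exc}"
        return report
    report["missing"] = sorted(expected.keys() - restored.keys())
    report["unexpected"] = sorted(restored.keys() - expected.keys())
    report["corrupt"] = sorted(k for k in expected.keys() & restored.keys()
                               if expected[k] != restored[k])
    return report

def demo() -> tuple:
    """Constructed sample data: a good backup and one that lost and altered files."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "staff.txt").write_text("alice\nbob\n")
        good, bad = Path(work, "good.tar.gz"), Path(work, "bad.tar.gz")
        recorded = make_backup(src, good)
        # Simulate a later backup job that dropped one file and altered another.
        (src / "staff.txt").unlink()
        (src / "finance" / "ledger.csv").write_text("id,amount\n1,999\n")
        make_backup(src, bad)
        return restore_test(good, recorded), restore_test(bad, recorded)
```

Any non-empty field in the returned report means the backup would not have brought the data back as it was recorded.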
10. Don’t go it alone!
If you work in an SMB then it’s likely that you comprise the entire IT department and whilst you are likely to be perfectly capable of managing, there’s no shame in asking for help with the bigger tasks. Setting up the network on your own is somewhat of a gargantuan task and outside help should be sought if you don’t have the experience or the skills as yet. Although employing external help may be costly, you are assured that the job is done right the first time round. Preventing the breach will cost less than fixing it.