In the first of this two-part issue, we discuss the top 10 security concerns for small to mid-sized companies. Find out if your office measures up on the first five on the list.
The Top 10 Network Security Concerns for Small to Mid-Sized Organizations
Network and computer security are themes you encounter throughout your day. You are greeted by spam as you open your inbox. An anti-virus program runs as you leave your office. You hear the horror stories of companies losing all of their data in the face of disaster on the 11 o'clock news. Do you fully understand the components of network security? Do you know what security measures need to be in place, and more importantly, why? If your profession requires you to supervise a network, or if you are a CEO responsible for a smoothly functioning information system, this article is for you.
In our two-part series, Being Security Savvy, we will count down the top 10 network security concerns—what you should be aware of, how you should respond and why.
Computer security is generally defined as measures and controls that ensure the security and availability of the information processed, stored, and transmitted by a computer. Network security is defined as the protection of networks and their services from unauthorized modification, destruction or disclosure, and provision of assurance that the network performs its critical functions with no harmful side effects. The following are five measures your organization can implement to begin securing your company's computers and network today.
SERVER UPDATES
Server updates should occur monthly or whenever there is an imminent security threat. Does this happen automatically? No. A network services company or your IT department should be updating your server on a regular basis. This is important because Microsoft and other leading companies release critical security patches to servers on a recurring schedule; if your server is not being updated, these security patches are not being applied. If these patches are not applied, hackers can take advantage of the loopholes they fix, penetrate your server, and severely compromise your system's security.
SPAM FILTERING SERVICE
Do you have one? Spam, in addition to clogging your inbox and causing annoyance and decreased productivity, is notorious for carrying spyware and viruses. Even more critical, however, is a filtering service's ability to deflect an insidious type of spam attack called a Directory Harvest Attack (DHA) or a Dictionary Attack. These attacks bombard your email server with tens or hundreds of thousands of emails to identify the legitimate addresses in your organization that can be spammed. A DHA can bring your mail server to its knees and also eat up your internet bandwidth. That is why it is important to have your spam filtering service be a third-party, offsite solution. As a side benefit, your staff might actually be more productive... and also protected from phishing attacks, which simulate legitimate emails but, in fact, are actually the most popular tool for identity theft.
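To make the Directory Harvest Attack pattern concrete, here is an added example (not part of the original article) that scans mail-server recipient events for a source that tries many addresses and is mostly rejected. The log format, IP addresses, domain and thresholds are constructed assumptions, not the output of any particular mail server.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not any real mail server's):
#   <timestamp> client=<ip> rcpt=<address> status=<SMTP reply code>
LINE_RE = re.compile(r"^\S+ client=(\S+) rcpt=<([^>]*)> status=(\d{3})$")

def build_sample_log():
    """Constructed sample: one harvesting source and one ordinary sender."""
    guesses = ["aaron", "abby", "adam", "admin", "al", "alan",
               "alex", "alice", "amy", "andy", "ann", "anna"]
    lines = []
    for i, name in enumerate(guesses):
        # Of the guessed names, only 'alice' exists at this hypothetical domain.
        status = "250" if name == "alice" else "550"
        lines.append(f"2024-01-01T10:00:{i:02d} client=203.0.113.5 "
                     f"rcpt=<{name}@example.com> status={status}")
    lines += [
        "2024-01-01T10:05:00 client=198.51.100.7 rcpt=<alice@example.com> status=250",
        "2024-01-01T10:06:00 client=198.51.100.7 rcpt=<bob@example.com> status=250",
        "2024-01-01T10:07:00 client=198.51.100.7 rcpt=<bbo@example.com> status=550",
    ]
    return lines

def detect_harvest(lines, min_attempts=10, min_reject_ratio=0.8):
    """Flag clients that probe many recipients and are mostly rejected."""
    stats = defaultdict(lambda: {"attempts": 0, "rejected": 0, "confirmed": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not recipient events
        client, rcpt, status = m.groups()
        s = stats[client]
        s["attempts"] += 1
        if status == "550":        # 550: mailbox unavailable / unknown user
            s["rejected"] += 1
        elif status == "250":      # 250: recipient accepted, address confirmed
            s["confirmed"].add(rcpt.lower())
    findings = {}
    for client, s in stats.items():
        ratio = s["rejected"] / s["attempts"]
        if s["attempts"] >= min_attempts and ratio >= min_reject_ratio:
            findings[client] = {"attempts": s["attempts"],
                                "reject_ratio": round(ratio, 2),
                                "exposed": sorted(s["confirmed"])}
    return findings

if __name__ == "__main__":
    for ip, info in detect_harvest(build_sample_log()).items():
        print(ip, info)
```

The `exposed` list is the part worth acting on: those are the addresses the harvesting source confirmed as real, so they are the mailboxes most likely to receive follow-up spam and phishing.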
EMPLOYEE SEPARATION POLICY
When you start a job with a new company, you are immediately inundated with a sea of forms, policy and procedure manuals, and access codes. But what happens when you leave that company? Depending upon the industry, corporate employees may have access to an intra-office network, office email, confidential client information, personnel records and more. Is your organization doing anything to ensure that these privileges are effectively revoked upon an employee's departure? Companies today must have a standard written policy when it comes to terminating employee access. When an employee leaves, regardless of the reason or that person's rank or position, this policy must be enforced, successfully terminating all network and other access privileges for the employee as quickly as possible.
PASSWORD POLICIES
Your significant other. Your favorite pet. Your birthday. Sure, you love them, but they make lousy passwords. Good, difficult-to-guess passwords are essential to computer security. What makes a strong password? Here are the rules: Strong passwords (1) are at least eight characters long; (2) include letters, numbers, special characters and even capitalization; and (3) are changed frequently. Create a company policy that outlines these tips, and hold employees to it. In addition, make sure your employees password-protect their screen savers. If your business or HR manager leaves for an hour lunch and doesn't have a password-protected screen saver, there's no telling who might access—or steal—his or her unguarded information.
EDUCATION
Educate users about secure computing practices—and the importance of sticking to them. Common sense usually reigns supreme when it comes to basic office and home computer security, but sometimes laziness or curiosity can get the best of us. For example, what would you and your employees do if someone called you up on the phone and asked for your social security number? Hopefully, you would hang up. What if a man or woman with a clipboard came by your office, claimed to be with the IT team, and asked for your network username and password? Be careful to whom you give this information!
Just as you shouldn't give personal information out carelessly, neither should you open emails or email attachments from addresses you don't recognize. Instead, immediately delete the email. Do the same at home; if you don't, you could be putting your personal and work information at risk. Today, many employees use VPN clients to remotely access business servers from home. If you and/or your employees don't take security precautions at home, you could be putting your entire office network at risk.
Finally, secure computing practices are useless if accompanied by irresponsible behavior. You can require your employees to change their passwords daily, but if they write those passwords on sticky notes conveniently affixed to their computer monitors, this policy is of little consequence. An essential part of practicing secure computing is educating employees to make smart computing decisions.
Last Word
By ensuring servers are backed up and updated, spam is filtered and deleted, employee separation and password policies are created and enforced, and employees are educated about the importance of these measures, you and your organization will be on the path to a secure network environment.
Stay tuned next month for the second installment of Being Security Savvy, where we will count down the remaining top five network security concerns for small to mid-sized organizations.
If you have a question regarding any of the information contained within this article, or would like a comprehensive network security analysis for your organization, please contact Optimal Networks at 240-499-7900 or by email.