Security breach, account hacks, and password theft are all becoming too common these days. Some might even say we are still dealing with the fallout of Adobe’s security breach from October 2013. A lot more has happened since October. Let’s see, Target stores, Harbor Freight, eBay, Michaels stores, UPS stores, and as of the time this article is being written HomeDepot payment systems had just been breached.
You might ask, if the big corporations can’t seem to figure it out how then can you protect your company? The solutions may not be so obvious but here are some ideas.Minimize your exposure
Maintain an inventory of software applications in use and have a process to vet new ones. There is an app for just about anything these days and they will find their way onto your network. Invest in an Intrusion Prevention System, maintain and update your Antivirus software and educate your users on proper web use. Create an Acceptable Use Policy if you do not already have one. Hire a reputable agency to conduct a security audit and penetration test.
Proper Account Management
Disable accounts that are no longer in use. Create a process to purge the disabled accounts once they have passed the retention period. Enable audits for successful and failed logon attempts in your domain and enforce password expiration and complexity policies.
Give users just the right amount of access and nothing more. Insider misuse remains the leading cause of system breaches.
Educate Your Users
Create a process for educating users on how to protect their information as well as company data. Teach your users how to spot Spam, malware, and bad web sites. The more you do here the better and safer your network will be. Let your users know that IT or administrators will never ask for their password. IT staff should use common sense when talking to vendors at conferences or meetings. Social engineering is on a rise, you would be surprised on how much a hacker could learn about your network by asking a few crafty questions.
Secure Your Network
So you have secured your wired network what about your wireless network and your perimeter network. Consider 802.1X for your wireless LAN, integrate wireless access authentication with a RADIUS server. Doing this will allow you to reap benefits such as a more secure wireless LAN, central account management and a carry over of your directory policies - account lockout, account suspension, etc. Identify vendors that have access to your systems and disable those accounts while not in use. Limit remote access to your network. Consider enabling Split Tunneling so users will not be able to surf the web once they have established a VPN connection. Harden web servers, VOIP servers and mail servers that live on your perimeter network.
Not all the suggestions here will fit your network. Use your judgement and make sure whatever solution(s) you choose is both flexible and usable. Avoid creating a tedious process for your users. If the process is too complex and hinders productivity you may end up with users putting up post-it notes with their password on them.
Learn how to create a systems management process here