Cyber attacks use malicious code such as viruses and ransomware to modify computer code, data,or logic culminating into destructive consequences that can compromise your data and business. No amount of physical protections or software tools can provide 100% security for your computers and network. Your goal is to reduce the risk of and from attack to the greatest extent possible using tools and procedures.
Tools for protecting your company include:
- Physical security to your servers and equipment
- Network firewalls at the entry point to your network
- Software firewalls and barriers on both servers and workstations
- Anti-virus and anti-mailware software on both servers and workstations
- Backups performed on a regular basis online, offline and offsite
- Imaging of servers as part of your backup policies
- E-mail is screened and filtered
These are all considered standard tools in today's technology environment. Just as important are the use of policies and procedures in your environment:
- Use of strong passwords that expire on a regular basis for all employees including system administrators
- Periodic changing of your service account passwords
- Development and periodic update of a disaster recovery plan
- Testing restoration of backups on a periodic schedule
- Limiting and securing all public internet addresses on your network
- Computers, servers, storage devices and peripheral devices are patched and updated
On a periodic basis it is also advisable to hire an independent expert to perform a security audit of your environment:
- Are user password policies complied with on a consistent basis
- Firewall rules are configured properly to restrict access to your network
- Anti-virus / and anti malware is updated on a regular basis
- Computers and network devices including printer, plotters, scanners and switches have the latest firmware, drivers and software
- Backups are secure, verified and validated
Most security experts also agree that the biggest risks are your users, and educating them will be the most important aspect. One of the most important and often overlooked security process is securing your network using a least priveledged access model. Simply stated users and service accounts should only be able to see and use the resources they need to use. For example, most users should not have the rights to install applications on servers and workstations.
In the next installment on cyber security we will provide guidance and insights on guidelines for employees. If you can't wait to learn more, contact one of our representatives at firstname.lastname@example.org or call one of our solution experts at 678-627-0646 x230.