Network Security Should Not Be an Afterthought

One of the conclusions of a new study, “What CISOs Worry About in 2018,” by security research group and think tank, the Ponemon Institute, in conjunction with security risk and compliance vendor, Opus, is that about 66% of the respondents said they believe their companies are more likely to fall victim to a cyber attack or data breach in 2018, with some 60% reporting those concerns are higher than they had last year. (Source: Windows IT Pro Today)

The unfortunate truth for modern business is that if you have a corporate network, you are vulnerable. That is simply a fact of life.

Some 65% of the respondents reported they expect to experience credential theft due to a careless employee falling for a phishing scam. About 60% said they believe that IoT (Internet of Things – think the NEST thermostat for one) devices will be the most challenging disruptive technology they will have to deal with this year.

It has never been more important to implement and enforce simple, common sense security procedures in order to protect your company’s data, not to mention the data about your clients you may have stored on your network.

Some simple ways to address these issues are:

  1. Get a firewall (or firewall/router combination). This is your first line of defense against someone looking to steal your data. And make sure to password protect your firewall.
  2. Keep router firmware up-to-date. As new exploits emerge, most vendors supply updates to secure their equipment. Make sure to apply those updates in a timely manner.
  3. Block all but necessary incoming traffic. This sounds like a significant inconvenience but it is the old ounce-of-prevention philosophy.
  4. Implement web filtering. So often bad actors set up temporary web sites to conduct their illegal schemes. Web filtering software tracks this information and helps by blocking access to suspicious sites. Simply exercising a bit of caution when using the Internet can prevent lost data and time.
  5. Use a VPN (Virtual Private Network) for all remote connectivity. This is a must. If you connect to your network from home or while on the road, a VPN encrypts the data making it impossible for thieves to steal it.
  6. Establish and enforce strict password policies and do not share passwords. This is the simplest and most overlooked security strategy that can be implemented in an organization. In 2017, the sequences “123456” and “password” were the two most common (and least secure) passwords used by computer users (source: USA Today).
  7. Maintain secure backups. In the event your data is compromised, a secure backup is the first step in restoring your data and thwarting a would-be thief.
  8. Create a security culture in your company. This goes hand-in-hand with number 10 below. Ensure that your employees understand the importance of security. They wouldn’t leave the office for the evening without locking the door. Using weak passwords or not logging off of their computers when they are finished is the virtual equivalent of leaving the door open.
  9. Restrict administrative access. Everyone wants to be an administrator on their computer but the truth is most modern software runs just fine without administrative access. The best hacker out there can be stopped by something as simple as only having standard user access to a device.
  10. Be suspicious of email with attachments or links. If you receive an unexpected email from a colleague that includes an attachment or link, don’t open it without first verifying it is valid. A simple phone call can prevent a world of pain.

Lastly, be sure to get owner/board-level involvement to make accountability start at the top. According to Dr. Ponemon, “Security has always been a middle-management issue. You really can’t succeed if you are constantly vulnerable to attack. Raising it to the board and CEO brings it to a higher level of importance inside the organization.”

Security has never been more important to safely operating your network–not to mention getting a good night’s sleep. The good news is that it is not difficult as long as a little caution and some simple processes are a part of your daily routine.