You can have the best, near-impenetrable servers and systems in the world, but if your security essentials are weak you could still be vulnerable. Which essentials do you need to get right?
Enterprise security is a tricky beast: with home security, you’re only looking after one or two endpoints, whereas with enterprise it can be hundreds.
It calls for layered security and an understanding of how a potential hacker could attack you and what they might be looking to take.
There are a few key tenets which form a solid foundation upon which you can build as secure a network as possible.
Education, education, education
If your staff don’t know what they are looking for, how can they avoid it?
The vast majority of enterprise-level hacks start with a phishing email. This could be a very specifically crafted email or a series of similar-looking emails that are fired at as many people as possible in a scattershot approach.
Either way, if your staff don’t know what to look out for or don’t have a simple method of reporting any such activity then they are likely to get caught out.
There are companies out there, much like penetration testers, which will attempt to phish your company and identify your flaws.
But before you pay for that, a simple checklist of what to look for in an email, how to confirm its authenticity and what to do if you spot a dodgy one is a great start.
Ensuring that your employees have the permissions they need and only the permissions they need can go a long way to mitigating a potentially successful phishing attempt or any intrusion into your system: even the dreaded ‘insider threat’.
For example, does the marketing department need access to the technical department’s systems? Looking even closer, does your social media guru need access to your business marketers’ customer information? Unlikely.
The more aggressive you can be, the better. Obviously, you don’t want to hamper your staff’s day-to-day working, but knowing who has access to what and occasionally reviewing permissions is essential.
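The access review described above, as an added example that is not part of the original article: it expands nested group memberships to work out what each person can actually reach, then lists anything beyond what their role needs. All user, group and resource names are constructed for illustration.

```python
# Added example: least-privilege access review. All names below are constructed.
GRANTS = {  # group -> resources that group unlocks
    "marketing-all": {"marketing-share"},
    "business-marketing": {"customer-crm"},
    "social-media": {"social-scheduler"},
    "technical": {"build-servers", "source-repo"},
}
NESTED_IN = {  # group -> parent groups whose grants it inherits
    "social-media": {"marketing-all"},
    "business-marketing": {"marketing-all"},
    "marketing-all": {"business-marketing"},  # mistake: loop leaks CRM to all marketing
}
USERS = {  # person -> direct groups and what the role actually needs
    "sam": {"groups": {"social-media"}, "needs": {"social-scheduler", "marketing-share"}},
    "priya": {"groups": {"business-marketing"}, "needs": {"customer-crm", "marketing-share"}},
    "lee": {"groups": {"marketing-all", "technical"}, "needs": {"marketing-share"}},
}

def effective_groups(direct, nested_in):
    """Expand direct memberships through nesting; the seen set stops loops."""
    seen, stack = set(), list(direct)
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(nested_in.get(group, ()))
    return seen

def effective_access(direct, nested_in, grants):
    """Union of resources granted by every group the person ends up in."""
    access = set()
    for group in effective_groups(direct, nested_in):
        access |= grants.get(group, set())
    return access

def review(users, nested_in, grants):
    """Return {person: sorted resources held beyond what the role needs}."""
    findings = {}
    for name, user in users.items():
        excess = effective_access(user["groups"], nested_in, grants) - user["needs"]
        if excess:
            findings[name] = sorted(excess)
    return findings

if __name__ == "__main__":
    for name, excess in review(USERS, NESTED_IN, GRANTS).items():
        print(f"{name}: remove access to {', '.join(excess)}")
```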
Keep your systems up-to-date. Hopefully it goes without saying, but this includes all of the software that your members of staff use on a daily basis.
Keeping your operating systems and antivirus up-to-date is incredibly important, particularly ensuring that updates are installed on every workstation in a timely manner.
On a tangential note, if a workstation or a member of staff doesn’t require Adobe Flash Player or Java then get rid of them. Particularly Flash as it is consistently shown to be vulnerable to zero-day exploits, even after brand new updates.
Just the beginning
There you have it, a few basics to get you started. Hopefully, they are all fairly obvious to the vast majority of you, but they aren’t to be overlooked: that way disaster lies.
From here you can build an extremely secure network but always make sure to keep these basics in mind.
If we can help please let us know.