There are many factors that can bring down your computer networks and compromise data, including cyber criminals, carelessness and disgruntled employees.
The hardware, software, policies and procedures that make up the many layers of network security are designed to defend your company’s systems from these threats.
What are the most common threats?
- Viruses, worms, Trojan horses, spyware, malware, adware, botnets etc.
- Zero-day and zero-hour attacks
- Hacker attacks
- Denial of Service (DoS) and Distributed Denial of Service Attacks (DDoS)
- Data theft
These threats look to exploit:
- Unsecured wireless networks
- Unpatched software and hardware
- Unsecured websites
- Potentially unwanted applications (PUAs)
- Weak passwords
- Lost devices
- Unwitting users or users with malicious intent.
Top 5 fundamentals of network security
Following these five fundamentals will help protect your reputation and reduce liability:
1. Keep patches and updates current
When administrators are lax about applying patches and updates, cyber criminals exploit all possible vulnerabilities. In particular, verify that office computers are running current versions of these much used programs:
- Adobe Acrobat and Reader
- Adobe Flash
- Oracle Java
- Microsoft Internet Explorer
- Microsoft Office Suite
Make sure you keep an inventory to make sure ALL your devices are updated regularly.
2. Use strong passwords
Your password should be comprised of at least 6 characters, preferably more, and uses a combination of upper- and lower-case letters, numbers and symbols. This should go without saying: they should be kept out of sight and only shared with trusted employees who need them.
If you want some more tips, check out what Symantec has to say.
It is not uncommon for hackers to impersonate tech support to get people to give out their password, so train users to recognize these social engineering techniques and avoid danger.
The SANS Institute also recommends that passwords be changed every few months at least, without duplicates. They also suggest that users be locked out of their accounts after multiple failed long-on attempts within a short time period.
3. Secure your VPN
Reviewing the documentation for your server and VPN software is a must. You want the strongest possible protocols for encryption and authentication to protect your network/data from hackers while your information is traveling over the Internet.
The most secure identity authentication method is multi-factor authentication. Including extra steps to prove a user’s identity, like a PIN, makes it more difficult for unwanted users to enter your network.
Here’s an idea: use a firewall to separate the VPN network from the rest of the network. Want more? Other tips include:
- Use cloud-based email and file sharing instead of a VPN.
- Create and enforce user-access policies. Be stingy when granting access to employees, contractors and business partners.
- Make sure employees know how to secure their home wireless networks. Malicious software that infects their devices at home can infect the company network via an open VPN connection, and
- Before granting mobile devices full access to the network, check them for up-to-date anti-virus software, firewalls and spam filters.
4. Actively manage user access privileges
According to a recent survey of 5,500 companies by HP and the Ponemon Institute, more than half said that their employs have access to “sensitive, confidential data outside the scope of their job requirements.”
Inappropriate user-access privileges are a security threat and should not be overlooked. When an employee’s job changes, make sure the IT department is notified so their access privileges can be modified to fit the duties of the new position.
5. Clean up inactive accounts
Hackers often use inactive accounts that were once assigned to employees in order to gain access and disguise their activity. Software is available for cleaning up inactive accounts over large networks with many users.
If you would like more information and bonus network security tips, check out our original story.
Cross-posted from Network Fundamentals.