Sometimes, network security sounds like a complex proposition. Many business owners don’t understand the technology, so they avoid dealing with security concerns that could affect their businesses and their customers. Unfortunately, the ostrich approach won’t work in today’s connected world; cyber attacks increase exponentially every year — and so does the amount of money that businesses lose from a network breach.
The good news is that three steps can save your company from 85 percent of cyber attacks.
Whitelisting
Many IT departments approach security by blacklisting undesirable websites or types of malware. Blacklisting prevents employees from accessing forbidden websites. Instead, look for virus protection tools that enable a process called whitelisting. In essence, whitelisting only allows employees to access approved websites: a website can’t be accessed via your company network until it’s added to the whitelist.
Security expert and Electronic Frontier Foundation (EFF) member Bruce Schneier compares whitelisting to traditional physical security: to get into an area, someone needs to have a key or to know a keypad code. By contrast, he compares blacklisting to a casino, in which most people can get in except for a few bad apples who’ve been banned. He compares casino bouncers to antivirus software, which has the job of filtering out the network’s recognized bad apples, or malware. Although blacklisting is a useful security measure, whitelisting measures like access control can provide a higher level of security than blacklisting alone.
Whitelisting includes not only approved websites, but also approved applications. The best virus protection providers maintain an up-to-date cloud-accessible whitelist that networks can access for maximum security. Network administrators can also set up a “default deny” mode, allowing company computers to access only whitelisted websites and applications. They can also use different rules based on options like filename, MD5 hash, source folder or vendor to make whitelisting broader. Access control lists (ACLs) are crucial for making sure employees can only access relevant areas of the network.
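The default-deny rule matching described above can be sketched as follows. This is an added example, not code from any product the article refers to. It assumes POSIX-style paths, a vendor name that the operating system has already verified from the file's signature, and SHA-256 in place of the MD5 option, since MD5 is vulnerable to collisions. All names and sample data are constructed.

```python
import hashlib
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    path: str         # full path of the program being launched
    content: bytes    # file bytes (an agent would read these from disk)
    vendor: str = ""  # signer name, assumed already verified by the OS; "" = unsigned

@dataclass(frozen=True)
class Rule:
    kind: str   # "hash", "folder", "vendor" or "filename"
    value: str

def digest(data: bytes) -> str:
    # SHA-256 stands in for the MD5 option the article mentions (assumption).
    return hashlib.sha256(data).hexdigest()

def matches(rule: Rule, c: Candidate) -> bool:
    path = posixpath.normpath(c.path)  # collapse ".." before any folder comparison
    if rule.kind == "hash":
        return digest(c.content) == rule.value
    if rule.kind == "folder":
        return path.startswith(posixpath.normpath(rule.value) + "/")
    if rule.kind == "vendor":
        return bool(c.vendor) and c.vendor == rule.value
    if rule.kind == "filename":
        return posixpath.basename(path) == rule.value
    return False  # an unknown rule kind never grants access

def decide(rules, c):
    """Default deny: return (allowed, reason); allowed only if a rule matches."""
    for rule in rules:
        if matches(rule, c):
            return True, f"{rule.kind}:{rule.value}"
    return False, "default-deny"

# Constructed sample policy and launch attempts (not real software or vendors).
APPROVED = b"approved-build-1.0"
RULES = [Rule("hash", digest(APPROVED)), Rule("folder", "/opt/approved"),
         Rule("vendor", "Example Vendor Inc")]
ATTEMPTS = [
    Candidate("/home/amy/tool", APPROVED),                    # known hash, any location
    Candidate("/opt/approved/report", b"x"),                  # inside approved folder
    Candidate("/opt/approved/../../tmp/report", b"x"),        # traversal resolves to /tmp
    Candidate("/opt/approved-old/report", b"x"),              # look-alike folder name
    Candidate("/tmp/setup", b"y", vendor="Example Vendor Inc"),
    Candidate("/tmp/tool", b"approved-build-1.0 + extra"),    # modified bytes, unsigned
]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a.path, decide(RULES, a))
```

A filename rule matches any file that carries the approved name, so it is the weakest of the four rule types. A folder rule is only as strong as the write permissions on that folder.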
Regular Patching
One of the biggest advantages of using cloud services is that applications are automatically patched as soon as software developers issue updates. It’s worthwhile for any IT department to protect itself by establishing a regular patching and updating schedule. In addition to signing up for automatic updates, companies should train their employees never to click “remind me later” when asked to update software. Also, all updates should come through an approved (in other words, whitelisted) software vendor. In addition, warn employees not to click on email links that claim to contain software updates. Instead, they should use the “software update” function on the computer to perform all updates.
Updating antivirus software regularly is a crucial component of any company’s security strategy. Attackers release a high volume of new threats every day, and security companies do a good job of working together to keep each other informed about those threats. Patch all security software regularly in addition to upgrading applications and operating systems.
Restrict Administrator Access
Limiting administrator rights on computers in your company means that fewer of the people who download malware have the network access needed to spread the infection to the company network. If an admin is using an administrator account for routine computing, then he or she is putting the company network at risk. Administrators need enough access to manage the network’s performance, but they shouldn’t have access to sensitive information or, in the Unix or Linux environment, root access to pretty much everything.
Certain tools allow companies to encrypt their data and then to set up rules that allow only certain people to access it. Administrators can still add accounts and add applications, but they don’t necessarily get to view the files the applications or new account holders can access. Unfortunately, in an effort to keep everything up and running 24/7, companies often authorize too many employees as administrators, until every department or group has its own administrator. They need to periodically purge the rolls to limit administrator access.
Like any security measure, restricting admin accounts creates occasional slowdowns in the workplace. However, compared to the problems and the regulatory penalties that come from a data breach, that inconvenience is minor, and employees and company owners must tolerate it.