Got IT security?
In the past few weeks, we’ve read about a number of high-profile brands that have had their security compromised. IT security is often something that is overlooked within most small and medium-sized businesses. However, these high-profile hacks should make security top of mind for most and turn it into a priority for 2013.
If you didn’t hear about all the recent hacks and security breaches, I want to highlight some of the companies that were compromised. Facebook, Apple, NBC, Burger King, and Jeep were all global brands impacted by recent security breaches. Not only were websites and corporate systems accessed, but social networks, an extension of company brands, were also targeted.
These examples highlight why your IT security needs to involve a multi-layered approach to protecting your company assets as well as customer data. IT security is a broad topic, so I wanted to identify some key points to consider when reviewing and implementing IT security best practices:
When thinking about IT security for your business, there is no magic bullet to address all risks. It is a multi-layer approach which includes systems, technology, process, and people. When it comes to your systems and IT infrastructure, here are some things to consider:
- Firewall: This is the device that connects your corporate network to the outside world. Does your business have a business-grade (not consumer) firewall that has security scanning technologies/software built-in, such as IPS (intrusion prevention systems)?
- E-mail: Are you using a third-party antispam/antimalware platform that scans and cleans your e-mails before they arrive on your corporate network?
- Desktops and servers: Do you have antivirus and antimalware running on your endpoints?
- Laptops: Do your corporate laptops have a software-based firewall as part of your antivirus package, so when plugged into the Internet directly (not behind a firewall) they still have some level of protection?
- Physical access: Is your server room or data centre secured by lock and key or can someone pick up your server and walk away with it?
- Encryption: Does your website have an SSL certificate and are you using Windows’ built-in encryption technology called BitLocker to encrypt your data?
Policies, procedures, and people
Systems and technology are only one piece of the puzzle when it comes to IT security. Equally important are the policies, procedures, and people involved in your overall IT security strategy, as these will set the operating guidelines to ensure a minimum security baseline. Here are some things to consider when creating new policies and procedures aimed at improving corporate security:
- Who has admin accounts and access to which systems, including social media networks?
- Do you audit access to critical accounts and key information systems as well as customer data?
- What are your minimum password requirements for complexity, uniqueness, and expiration?
- When employees leave the organization, what is the process to disable access to systems?
- How often do you update and patch Windows servers and desktops?
- Is your corporate Wi-Fi using the most secure protocol?
- How often do you perform a holistic review (external/internal audit) of your IT security?
- Does your business/industry have certain security standards that it must adhere to for compliance purposes?
The recent attacks on high-profile companies prove that nobody’s security is perfect. Regardless of how much is spent on beefing up security, there are zero-day threats. In some of the recent high-profile hacks, the company that was attacked had up-to-date software but was targeted by malicious individuals who were able to exploit a software bug previously unknown to the software vendor. This illustrates that even if you have everything secured like Fort Knox, if someone really wanted to gain access to your information systems, there is still a small risk of intrusion.
With that being said, your overall risk is drastically reduced by ensuring you have best-practice security systems and policies in place which will address 99 percent of the most common security breaches. With the amount of business and customer data spread across multiple systems these days, combined with the ever-growing need for information access, it’s time to prioritize IT security and ensure your business is protected.