I recently had a small business owner approach me on some things that they could do to improve the security of their office network. They already had a basic firewall in place and anti-virus was installed on all machines.
After asking a few questions about their current practices, the following things came to mind as some low-hanging fruit that would produce the biggest impact. My guess is that most small business or home offices could take advantage of one or more of these suggestions.
1. De-Privilege Your Users
With the release of Windows 7, Microsoft improved security by requiring user verification to run certain processes and applications (this helps prevent malware from installing as easily). Unfortunately, it's still not enough. The best practice when it comes to user access is to de-privilege your users as much as possible. Simply put, don't give your users administrative rights on their PCs. Yes, this will be a little inconvenient at times, but it is a vital step in securing your network. It will prevent most malware from installing, and it will limit the damage done by the malware that does get in.
To check the privilege level of the users on your Windows 7 PC, do the following:
Go to Start, click in the "Search programs and files" box, type user accounts, and hit Enter.
The window you get should tell you the users and their privilege level.
Normal users of a given PC should be in the "Users" group. Any user in the "Administrators" group should only be doing administrative functions on the system, including software installation, updates, and other maintenance. Members of the Administrators group should also limit or eliminate their use of web browsing and email.
Whenever possible, move users that don't need administrator rights into the Users group.
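If you would rather audit this from a script than click through the Control Panel, here is an added example (my own, not part of the original post) that lists the members of the Administrators and Users groups and points out which admin accounts deserve a second look. It uses the WinNT ADSI provider, which is present on Windows 7 and later with no extra modules, and must be run from an elevated PowerShell prompt. The account name jsmith in the comments is a placeholder.

```powershell
# Added example: audit local group membership and show how to de-privilege a user.
# Uses the WinNT ADSI provider (available on Windows 7+). Run as an administrator.

function Get-LocalGroupMembers {
    param([string]$GroupName)
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
    @($group.psbase.Invoke("Members")) | ForEach-Object {
        $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
    }
}

$admins = Get-LocalGroupMembers -GroupName "Administrators"
$users  = Get-LocalGroupMembers -GroupName "Users"

"Members of Administrators:"
$admins | ForEach-Object { "  $_" }
"Members of Users:"
$users  | ForEach-Object { "  $_" }

# Every Administrators member other than the built-in account is a candidate for
# review: if it is someone's day-to-day login, it should be in Users instead.
$toReview = $admins | Where-Object { $_ -ne "Administrator" }
if ($toReview) {
    "`nAccounts with admin rights that should be reviewed:"
    $toReview | ForEach-Object { "  $_" }
}

# To de-privilege a user (placeholder name jsmith), run as an administrator:
#   net localgroup Administrators jsmith /delete
#   net localgroup Users jsmith /add
# Keep one separate admin account for installs and updates, and don't browse
# the web or read email while logged in with it.
```

On a domain-joined PC you will also see group names such as "Domain Admins" in the Administrators list; those are expected, but any individual username there is worth questioning.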
2. Never Forget the Value of a Good Patch
Your Microsoft applications, including Windows, Word, & Excel, all have weekly patches released to fix bugs or security vulnerabilities in their code. You can have your systems download and install these automatically by ensuring that a few simple settings are properly configured.
Your PC also uses third-party applications such as Java and Adobe Flash, to name a few. These applications also need regular patches to stay secure and to keep working properly. Unfortunately, there is no setting on your PC to apply these updates automatically. Ninite (ninite.com) is the best tool I've found to help with this. The free version can install and update a myriad of third-party apps and is very easy to use. The pro version lets you update all machines on your network, and there are ways to script the update so it runs as an automated task.
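To see where a PC stands on both halves of this, here is an added example of mine (not from the original post or from Ninite) that reports the Windows Update mode, counts updates still waiting to be installed, and lists the installed versions of a few common third-party programs so you can compare them against the vendor's current release. It uses the Windows Update Agent COM API and the registry Uninstall keys, both of which exist on Windows 7 and later; the list of application names to watch is my own choice.

```powershell
# Added example: patch-status check for Windows and a handful of third-party apps.

# 1. Automatic Updates setting. NotificationLevel 4 = download and install on a schedule.
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$levels = @{ 0 = "Not configured"; 1 = "Disabled"; 2 = "Notify before download";
             3 = "Download, notify before install"; 4 = "Install automatically" }
$level = [int]$au.Settings.NotificationLevel
"Windows Update mode: $($levels[$level])"
if ($level -ne 4) { "  WARNING: automatic installation is not enabled." }

# 2. Updates that are available but not yet installed (needs network access).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and IsHidden=0").Updates
"Pending Windows updates: $($pending.Count)"
foreach ($u in $pending) { "  $($u.Title)" }

# 3. Installed third-party applications that need their own update process.
#    Both Uninstall keys are read so 32-bit apps on 64-bit Windows are included.
$watch = "Java", "Adobe Flash", "Adobe Reader", "Firefox", "Chrome"
$keys  = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
         "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
"Third-party applications to keep patched:"
Get-ItemProperty $keys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        $name -and ($watch | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName | Format-Table -AutoSize
```

Run it once a month on each machine (or push it out with whatever remote tool you use) and anything with a stale version number goes on the Ninite list.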
3. Be Cautious of Email
This is the easiest, but also the most complicated, of all four. Some would argue that it is the most important, and it very well may be. This is the social engineering side of cybersecurity, and it is becoming increasingly difficult to stay ahead of. Hackers don't work the way they used to; it's no longer about breaking through the firewall, it's about tricking users into letting them in. Why would a burglar break into a house if they can convince the homeowner to open the door and let them in?
That is exactly what you are doing when you follow a link or open an attachment in an email from an attacker. These emails are sent with the intention of having you run a malicious script, download and install malware, or surrender your username and password. They play on our human emotions and can be very hard to resist.
Some examples of malicious email include (but are not limited to):
Phony shipping alerts
Urgent bank notices
Notice of lottery winnings
Make fast cash now schemes
Facebook distress messages
E-Cards
The challenging part of all this is that you have a business to run, and email plays a huge role in the success of that business. So how do you sift the good from the bad?
Full webinars and even courses have been dedicated to the subject, but it can be simply boiled down to this:
DO NOT open links or attachments in email you are not expecting.
If you make sure that everyone in your organization follows this rule, you will take a big step in the right direction to improve your email security.
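To make the warning signs above concrete, here is an added example (my own, not part of the original post) that scores a message on a few of them: a link whose visible text names one site while the address underneath points somewhere else, an attachment that is an executable or hides one behind a second extension, and pressure wording in the subject line. The message at the bottom is a constructed sample, and the rules are illustrative rather than a substitute for a mail filter.

```powershell
# Added example: flag common phishing tells in a message. Sample data is constructed.

function Test-SuspiciousMessage {
    param(
        [string]$FromAddress,
        [string]$Subject,
        [string]$HtmlBody,
        [string[]]$Attachments
    )
    $reasons = @()

    # Links whose visible text names one site while the href points to another.
    $linkPattern = '<a\s+[^>]*href="(?<href>[^"]+)"[^>]*>(?<text>.*?)</a>'
    foreach ($m in [regex]::Matches($HtmlBody, $linkPattern, 'IgnoreCase')) {
        $href     = $m.Groups['href'].Value
        $text     = $m.Groups['text'].Value
        $hrefHost = ([uri]$href).Host
        $textHost = if ($text -match '([a-z0-9.-]+\.[a-z]{2,})') { $matches[1] } else { $null }
        if ($textHost -and $hrefHost -and -not $hrefHost.EndsWith($textHost)) {
            $reasons += "Link text says '$textHost' but points to '$hrefHost'"
        }
    }

    # Attachments that are executable, or that hide an executable behind a second extension.
    foreach ($a in $Attachments) {
        if ($a -match '\.(exe|scr|js|vbs|bat|cmd|hta|zip)$') {
            $reasons += "Attachment '$a' is an executable or archive type"
        }
        if ($a -match '\.[a-z]{3,4}\.[a-z]{2,4}$') {
            $reasons += "Attachment '$a' has a double extension"
        }
    }

    # Pressure language typical of the lures listed above.
    if ($Subject -match 'urgent|suspended|verify|winner|lottery|act now') {
        $reasons += "Subject uses pressure wording: '$Subject'"
    }

    # A brand named in the subject is a reason to look hard at the sender's domain.
    $senderDomain = ($FromAddress -split '@')[-1]
    if ($Subject -match 'bank|paypal|ups|fedex') {
        $reasons += "Subject mentions a brand; confirm the sender domain '$senderDomain' belongs to it"
    }
    return ,$reasons
}

# Constructed sample message (all domains are reserved .test names).
$flags = Test-SuspiciousMessage `
    -FromAddress "alerts@example-notify.test" `
    -Subject "URGENT: your bank account has been suspended" `
    -HtmlBody '<p>Please <a href="http://login.example-bad.test/secure">www.examplebank.com</a> to verify.</p>' `
    -Attachments @("statement.pdf.exe")

if (@($flags).Count -gt 0) {
    "Message flagged for review:"
    $flags | ForEach-Object { "  - $_" }
} else {
    "No warning signs found."
}
```

The point of the exercise is the mindset, not the script: every one of those checks is something a person can do by hovering over a link or looking at the full file name before clicking.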
4. Have a Backup Plan
All the security controls in the world cannot guarantee immunity from system downtime or failure, and a good backup strategy is essential to recovering when something does go wrong.
Knowing which systems house your critical information is the first step in this process. Take an inventory of what workstations and/or servers host your important files and create a backup plan for each one.
At a minimum, your backup strategy should include creating a copy of your critical information and storing it in a secure, offsite location. This can be done with very affordable online backup solutions, or via an external hard drive that is physically taken offsite (the farther it is from the original copy, the better).
Online backup products are the preferred method because the process can be completely automated, requiring very little human intervention. Set up a daily backup with a status report sent to your inbox, and you are done; no need to lug around an external hard drive or backup tapes.
Be sure to test your backups regularly so you know you have a good copy to recover from when the need arises.
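For the external-drive route, here is an added example (my own, not part of the original post) that mirrors a critical folder to a second drive with robocopy and then checks a random sample of the copied files against the originals by hash, so the "test your backups" step happens every time rather than never. The paths, drive letter and mail settings are placeholders, and the script assumes PowerShell 3 or later for the -File switch on Get-ChildItem.

```powershell
# Added example: mirror a folder to a backup drive, verify a sample by hash,
# and produce a status report. Paths and mail settings are placeholders.

$Source      = "C:\CompanyData"
$Destination = "E:\Backups\CompanyData"   # external drive, or a UNC path such as \\nas\backup
$LogFile     = "E:\Backups\backup-$(Get-Date -Format yyyyMMdd).log"

# /MIR mirrors the tree, /R and /W limit retries, /FFT tolerates NAS timestamp rounding.
robocopy $Source $Destination /MIR /R:2 /W:5 /FFT /NP /LOG:$LogFile | Out-Null
$rc = $LASTEXITCODE
# Robocopy exit codes below 8 mean the copy succeeded (possibly with skipped or extra files).
$copyOk = $rc -lt 8

function Get-Sha256 {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try   { ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

# Verify up to 25 randomly chosen files by comparing source and copy hashes.
$sample   = Get-ChildItem $Source -Recurse -File | Get-Random -Count 25
$mismatch = @()
foreach ($f in $sample) {
    $rel  = $f.FullName.Substring($Source.Length)
    $copy = Join-Path $Destination $rel
    if (-not (Test-Path $copy) -or (Get-Sha256 $f.FullName) -ne (Get-Sha256 $copy)) {
        $mismatch += $rel
    }
}

$status = if ($copyOk -and $mismatch.Count -eq 0) { "OK" } else { "FAILED" }
$report = @"
Backup $status  (robocopy exit code $rc)
Source:      $Source
Destination: $Destination
Verified:    $($sample.Count) files sampled, $($mismatch.Count) mismatched
$($mismatch -join "`n")
"@
$report

# Optional status e-mail; SMTP host and addresses are placeholders.
# Send-MailMessage -SmtpServer "smtp.example.test" -From "backup@example.test" `
#     -To "owner@example.test" -Subject "Backup $status" -Body $report
```

Schedule it nightly with Task Scheduler and treat a "FAILED" report (or a missing one) as something to deal with the same day; a hash mismatch on even one sampled file means the drive or the copy process needs attention before you rely on it.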
Discussion: Are these 4 items in place in your office or home network?
Email or Tweet me your responses and/or any questions on this post.