Twelve Tips To Improve Your Company's Security
4:03 PM EST Thu. Sep. 20, 2001
Company executives and IT professionals should be on the alert for cyberattacks, and there are some basic measures to improve security right away.
Telenisus, a managed services provider specializing in Internet security, is providing tips on what to do now to tighten business security at your company.
1. Remove active accounts, such as phone, e-mail, Internet and voicemail, belonging to former employees and consultants.
2. Establish a protocol for human resources personnel so they can notify system administrators when employees leave the company.
3. Review data being allowed in through each network connection. If you cannot determine where remote entries are coming from, shut them down.
4. Review how remote and external users are being authenticated. Where possible, move from weak authentication methods, like password use, to strong methods, like token-based authentication.
5. Make sure all encryption functionalities on your existing software applications are enabled.
6. Make sure your critical systems have been recently backed up and that backups are protected at another location.
7. Review security alerts and vendors' patch announcements. Know what versions of operating systems you have, seek out alerts that affect them and apply the appropriate patches quickly.
8. Make sure your networks, hosts and applications are being monitored for malicious/abnormal activity. The worst scenario is for an attack to go on for days or weeks undetected.
9. Undergo a security test of your corporate network perimeter to find, then fix, any vulnerabilities.
10. Update your business continuity plan. Define what people must do in the event of a facility or information systems breakdown as well as scenarios where critical personnel or business partners are unavailable.
11. Classify your data based on what is most valuable and what would cause the most risk if compromised. Then, look at how it is protected in storage and transmission, whether in paper or electronic form.
12. Inform employees how they are expected to protect company information. Educate users on the use of passwords, including avoiding easily guessed passwords, the improper posting of passwords on PCs and the sharing of passwords. Help them understand the "social engineering" threat and the importance of protecting such property as laptops, PDAs and paperwork in and away from the office.