Now is the time when many people begin to think about their New Year’s resolutions. While these often extend to weight loss and other personal endeavors for individuals, goals tend to be quite different for businesses. One essential to think about with the looming new year is a company’s security, and how it can be improved upon.
There are often items that may go overlooked when business administrators initially set up their firm’s network security. Thankfully, there are always opportunities to enhance these configurations, and the new year presents just such a chance. Let’s take a look at some of the ways enterprises can boost their cybersecurity strategies going into 2015:
1) Begin with the basics
The first place to launch this initiative is with the basics. Depending on the type of business and its unique needs, this can include an overarching network monitoring system, security patches, updates and other primary protections. CSO contributor William Pelgrin noted that many data breaches come as a result of organizations not paying enough attention to the more simplistic items involved in an all-encompassing security program.
“Applying just a few basic hygiene behaviors will mitigate the majority of known attack vectors,” Pelgrin wrote. “By implementing these critical basics, businesses can free up limited resources to focus on the more difficult cyber challenges.”
With the basics covered, the IT team can turn a more attentive eye toward zero-day and other emerging threats, and ensure the firm is fully safeguarded against a wide range of attack vectors.
2) Have usage policies in place for employees
Other essential items to take into account include the current usage policies in place within the organization. Moreover, if no policies exist, now is the time to draft and deploy management procedures to ensure that employees understand their responsibilities when it comes to certain systems and technologies and what could happen if they don’t follow the guidelines set out by the company. While each business’s needs will differ, overarching policies that nearly every firm should have in place concern the use of mobile devices, applications and cloud technologies. Cimtrak noted that policies should lay out which employees are eligible to access these services, how they should do so in a secure manner and if approval is necessary from management. In addition, these guidelines should also address the use of authentication credentials and the consequences should workers not follow policies.
3) Enhance network monitoring with time stamps
Network monitoring solutions can also be improved heading into the new year. One way to do this is through the use of timestamps. Oftentimes, this is a capability that comes built in to the system and simply needs to be activated. Apcon pointed out that timestamps can be incredibly helpful, particularly when it comes to tracking services that can be sensitive to network latency, including VoIP and video streaming applications. In addition, timestamps can also be valuable if any suspicious activity is discovered within the network. With timestamps in place, network administrators can pinpoint exactly when out-of-the-ordinary tasks began taking place, and provide a paper trail for auditors and other internal supervisors.
4) Re-examine authentication credentials
The new year is also a time for taking another look at certain security elements, including authentication credentials. 21CT contributor Scott Spinola noted that managers should ensure that all employees are leveraging passwords that follow best practices: using a mix of lower and upper case letters, numbers and special symbols and ensuring that passwords don’t contain easily-guessed personal information. In addition, the beginning of the new year can be a good time to institute a password-changing program, which encourages staff members to create and utilize new passwords on a regular basis throughout the year. This can help ensure that authentication credentials are always secure and lowers the chances of any unauthorized access to sensitive company materials.
5) Know who and what is accessing the network
Pelgrin also suggested that administrators take another look at their overall network to ensure they have a full understanding of the users accessing it and the devices they leverage to do so. Network engineers should know what wired and mobile equipment is connected to and running on their infrastructure, including any and all servers, routers, switches, computers, smartphones, tablets, removable hard drives and other items.
“Senior executives in your organization should review the inventory at least yearly, reconcile any discrepancies and discuss the security of the assets,” Pelgrin wrote.
When all items are identified in this manner, it becomes much easier for network administrators to spot any unwelcome visitors or any unauthorized devices attempting to utilize the network.