Security is an afterthought until it is too late. If your organization doesn’t have a dedicated IT security team, it’s all too easy to postpone vital security work in an effort to just keep things running.
To keep yourself sane, we recommend taking a layered approach. By splitting up the actions across your organization and baking security practices into your IT projects from the start, you can drastically reduce the likelihood of ransomware attacks, disruption of services, data breaches and other threats.
Your users can be (er.. *are*) a huge security threat. There are the run-of-the-mill actions – opening suspicious “faxed emails” containing ransomware, failing to recognize phishing attacks – and then there are malicious actions. An account executive copying every file on the network to their thumb drive can be a far greater security threat than the latest virus.
So what should you do?
Protect against unnecessary oversights and mistakes by limiting user permissions to the greatest extent possible. Work with your Human Resources department to establish clear procedures for granting access to new hires and revoking accounts and updating permissions on exit. Do what you can to train your user base to be suspicious – they can be your biggest security threat, or a great front line of defense.
Keep servers under lock and key, with clear procedures for requesting access. Use a MAC filter to limit which devices can attach themselves to the network. More than one organization has been infected by a user bringing in their laptop from home because it has an issue or they want to use it for some task.
Prevent users from running potentially harmful programs on your network. Consider creating an application whitelist (this is substantially easier if you obtained a full application list when you were documenting your network in Chapter 1: Documentation).
Filtering inbound and outbound network traffic helps to block off whole classes of attacks that might hit your systems. Set up remote users with VPN access. Check traffic for exploits and viruses, and use rule-based systems.
Ensure that you have the source code available for in-house applications – and that proper controls are in place. If possible, utilize Single Sign-on (SSO) capabilities for new work to decrease the burden of managing access.
Make sure that you are getting notified of any potential security issues, patches and upgrades for all third-party programs used internally.
For externally hosted applications, remember that there is no cloud, only other people’s computers. With that in mind, treat them like you would another network’s computer: limit access, log communications and monitor for any suspicious activity.
Consider data security strategies for both your structured (database and application data) and your unstructured (files, documents, etc.) data sources.
Although structured data typically has restrictions enforced by applications, don’t forget to secure direct database access (preventing backdoors).
Unstructured data requires more rigorous action as it’s very easy for permissions and user access to spiral out of control. Conduct access audits, roll back permissions and remove outdated files.
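
One way to start the access audit described above, as an added example that is not part of the original article: it walks a POSIX file share and flags world-writable files, world-readable files and files untouched for longer than a threshold. The function names, the 365-day threshold and the sample files are assumptions constructed for illustration; Windows shares use ACLs rather than mode bits and need different tooling.

```python
import os
import stat
import tempfile
import time


def audit_tree(root, stale_days=365, now=None):
    """Return sorted (path, finding) pairs; stale_days is an assumed threshold."""
    now = time.time() if now is None else now
    cutoff = now - stale_days * 86400
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the share
            except OSError as exc:
                findings.append((path, f"unreadable: {exc.strerror}"))
                continue
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing about access
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            elif stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                findings.append((path, "world-readable"))
            if stat.S_ISREG(st.st_mode) and st.st_mtime < cutoff:
                findings.append((path, "stale"))
    return sorted(findings)


def build_sample_share(root):
    """Constructed sample data: three files with different modes and ages."""
    specs = {"payroll.xlsx": (0o666, 10), "old_plan.doc": (0o640, 900),
             "notes.txt": (0o600, 5)}
    for name, (mode, age_days) in specs.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # chmod ignores the umask, so the mode is exact
        mtime = time.time() - age_days * 86400
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        for path, finding in audit_tree(share):
            print(f"{finding:15} {os.path.relpath(path, share)}")
```

Review the findings before changing anything: a stale file may still be under a retention requirement, and tightening a mode can break an application that depends on it.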