In these tough economic times, getting the most out of your limited IT budget is crucial.
When faced with an ever-shrinking profit margin, difficult budget decisions often have to be made. When deciding between keeping your network going and keeping it secure, the choice seems obvious. Even in the best of times, security is hard for some managers to justify. It can be expensive, doesn’t generate a profit, and can occasionally even make things more difficult.
Resist the temptation to ignore security because you don’t think you can afford it or don’t need it. Over the last five years, security incidents have become more common and sophisticated, and the costs of such incidents can be devastating. The economic effects of a security incident can range from not being able to bill customers because of a network outage to even more serious fallout, such as losing customers due to a loss of confidence. To help you keep your budget in the black and continue to protect your network against intruders, here are five cost-effective measures that will guard against a majority of the attacks at large today.
Keep your software up-to-date. The first and most effective step is free! The majority of automated attacks in use by hackers today target vulnerabilities in software that were patched over six months ago. In addition to being free, many software applications even automate the update process for you. For example, if you use Microsoft Windows, automatic updates can be enabled simply by going to the Security Center in the Windows Control Panel. Windows Update will automatically check for updates, download and install them. It will even keep your other Microsoft products updated as well. Keeping all your software up-to-date is crucial to keeping your network secure. In 2010, 60 percent of all successful computer infections were caused by out-of-date Adobe software, specifically Adobe’s Flash player and PDF Reader. Your IT department should check for and install available updates to your software on at least a monthly basis.
Use an antivirus program. Viruses, worms or malware are automated programs that have been written to perform malicious activities on computers. It is vital to have protection against malware because it is capable of carrying out numerous damaging actions, such as stealing sensitive business information, including customer data, banking information or proprietary business secrets; making your network unusable through denial of service attacks; or even using your network for criminal activities.
You are probably wondering, “How much this is going to cost me?” Once again this is free! If you use Microsoft Windows, you can deploy Microsoft Security Essentials for free. Even if you don’t run Windows, or you prefer to use a different vendor, there are a number of high-quality, free antivirus solutions available. A few reputable antivirus vendors that offer free solutions are Avast, AVG, Panda and ClamWin.
If you have room in your budget to pay for an antivirus solution, you will obtain a more comprehensive application. You will receive support for any issues, you can set up a console to help manage all of your machines from a central location, and your virus definitions will be updated faster. Most of the vendors offering fee solutions also offer a paid solution. Some of the leading vendors for paid antivirus solutions are Symantec, McAfee and Kaspersky. Most antivirus programs allow automatic updates of virus definitions. Your IT department should configure this to occur at least once a day.
Install a host firewall. Firewall programs act very much like the security guard you may have stationed at your building’s front door. They monitor who or what is coming in and going out of the building. Well, a firewall does the same thing for your computers. A firewall needs to be configured with a list of programs on the computer that will need to make outgoing connections to the Internet.
More importantly, the firewall will only allow certain IP addresses and port numbers (port numbers are how a computer sorts different network traffic) to establish incoming connections with your computer. Your IT staff will know best what external programs need to make connections to your computer. All other incoming traffic will be denied by default. This keeps unauthorized programs from connecting to your computer and potentially performing malicious activity. Again, you are wondering about the cost…and, again, the answer is free! Microsoft Windows includes a firewall. A lot of other operating systems also include a firewall and many of the antivirus solutions include a firewall.
Limit user access. New programs rarely need to be installed on an established network. Depending on your business, normal users may need to install a new program only once or twice a year; however, many companies give all network users the right to install software all the time. The best security practice is to let general users have user-level access, and not administrative access. Only IT personnel need elevated, administrative permissions to properly manage the network, and all IT personnel should have a separate account to use when administrative access is needed.
Accomplishing this step is rather technical and requires some configurations best handled by your IT staff. Discuss with your IT staff the best method to remove local administrative rights for your network users. This can be done granularly, allowing users the permissions they need to do their work while keeping the network safe. What is the cost for implementing this step? Just a little time for planning and implementation.
Use a spam filtering appliance. The last step (and I am finally going to ask you to spend a little bit of money!) is implementing a spam filter. One of the most prevalent methods for an attacker to gain access to your network and infect your computers is through email. “YOU HAVE WON THE UK LOTTERY!” How many times have you seen that in your inbox? While very few people will fall for an email scam so blatantly obvious, email spammers have a variety of sophisticated techniques they use to trick people into opening and running malicious programs from emails. You have probably heard you are only as strong as your weakest link, and in the IT security world, the weakest link is unfortunately almost always the user. Even the most suspicious of users can fall for a well-crafted spam email.
Unfortunately, it only takes one of these emails for your network to quickly become riddled with malware. Some limited spam filtering can be configured directly in your email server. However, for a more robust and efficient solution, you can run a separate anti-spam server. Usually, these are hardware appliances that filter spam out before it even gets to your email server. A base-model anti-spam appliance can be purchased for around $1,500. You should review your company’s email metrics before deciding if a separate anti-spam filter is necessary.
Implementing these five steps will put your company on the path to being secure. While this is not a comprehensive security plan, it should keep your company secure against 80 percent of attackers out there. If your company deals with sensitive customer information such as credit card data or personal medical information, you may be subject to more stringent security requirements by industry or government regulations. Please research your company’s obligation to customer data before making any significant changes to your company’s existing security policies. iBi
