By Steve Cerocke
The rapidly expanding use of technology in every aspect of business is creating a growing security concern. To protect your business and digital assets, it’s important to have a multipronged approach that addresses physical access, technology security and user policies.
Digital theft, viruses and other threats can be initiated in many ways and from many points both inside and outside of your four walls. The development, implementation and monitoring of a robust security plan that addresses each area of concern is the only way to protect your business.
The best strategy to protect users and systems from viruses, malware and phishing attacks is to deploy a layered approach using multiple tools that are specially designed to protect against the different types of threats. Typical antivirus software may be good at detecting a virus threat, but as new threats come out every day and evolve quickly, you must make sure that your antivirus software is up to date.
For our clients’ systems, we deploy additional layers including email filtering, DNS redirection and site blocking technologies. We also make sure that our clients’ firewalls are business-class devices that are monitored, maintained and patched.
Many of the recently well-publicized security attacks have been initiated from inside company networks, from infected computer systems. The best antivirus software should be supplemented with user policies and physical security protocols as components of a full security plan. Training for employees is also critical so that they know their role in protecting business and client assets.
Here are a few key areas that should be covered as part of your network security strategy:
- Data security: Beyond the layered security tools, defining the user’s role in maintaining a secure network environment is one of the most important components of an effective security strategy. Limitations on acceptable use of the network should cover the installation and use of external software and attachment of personal digital devices such as laptops, smart phones, PDAs and storage media. Define policies on logging into and out of the network and on the use and sharing of passwords and user accounts.
- Training: Many organizations require employees to participate in training that is designed to help them recognize threats such as phishing attacks and malware sites. Organizations with compliance concerns or those that handle sensitive data are taking additional steps to test employees and the effectiveness of their training programs.
- Communications: There are both legal and security concerns around the use of company communication systems, including email and Internet resources. Restricting the transfer of data, limiting personal use and defining policies on instant messaging, chatting and accessing online services are important. It is also important to define requirements for remote access and the transfer of digital files in and out of the company network.
Hackers and thieves who really want access to your systems and data will be difficult to stop. Your best defense is a proactive offense and a company culture focused on security.
Steve Cerocke, founder/president of IQ Systems Inc., can be reached at 775-352-2301, ext. 1001, or firstname.lastname@example.org.