1. Know your people before you hire them.
Computers are not inherently malicious by default. People are almost always behind malicious attacks. Begin from the inside out. Run background checks on new hires to ensure that people who have access to your business systems are honorable.
2. Control access to virtual systems and physical spaces.
Keep policy on what levels of access employees require, including systems and data that reside on those systems. Implement good physical controls and logs such as access card systems that document entry and exit times. Install cameras and keep critical systems behind locked doors.
3. Develop policy on software and acceptable use.
Good policy on what outside software can be run in your corporate network or on corporate-owned mobile devices is critical. With the explosion of cloud-based applications like Dropbox or Google Docs, the ability to transfer corporate data to the cloud is easier than ever. Be certain that you are aware of what devices and apps are being used in your network.
4. Discuss appropriate Web and application security.
Social networks and other apps have created a platform for connecting our world. The problem is that it opens your business up for risk if they are abused. Social sites can be a breeding ground for malicious content. If this is not controlled, this can spell disaster for your business. Implement Web and application security to prevent users from visiting unapproved websites or running unapproved applications in your corporate network.
5. Secure your network.
Make sure you have multiple levels of threat prevention, like firewalls that do intrusion prevention and filters to block malicious websites and malware, as well as strong antivirus applications on your endpoints. Multiple levels of security reduce the risk of a breach on your corporate network. Don’t forget to implement strong administrator and user password policies to protect your systems. Work with your IT department or a qualified IT service provider to build a cohesive network security policy, protecting all aspects of your business.
Published (and copyrighted) in South Jersey Biz, Volume 1, Issue 11 (November, 2011).
For more info on South Jersey Biz, click here.
To subscribe to South Jersey Biz, click here.
To advertise in South Jersey Biz, click here.
1.