A few years ago, traffic on the internet consisted of e-mails and FTP’s relatively threat issues were nonexistent, however today we are looking at new threats every day. Keeping up with these threats are challenging enough.
Your First-line of defense is your IT professional knowing the system, and then knowing what that system needs.
All good IT people will tell you that start with a Security Policy, deploy it then enforce it. Often found when I visit a business the policy starts off with catering to the general consensus of the employees, then third party venders and management.
Being unreasonable in all the restrictions that can be place on a system
Company owners want to keep their people happy; this generally is a concept that seems productive to the cause. A restrictive policy seems to be over taxing and burdensome, and makes the administrators want to lessen the policies and restraints within a system. This then allows the administrative personal to update the system without going to leaps and bounds to get the job done.
Enterprises find a need to assure that the policies are flexible enough to allow information to flow, but not so light that the doors to the business are utterly open.
I found most companies or organization want to write their own policy, and implement it themselves. The policy writers will most likely use terms that are agreeable with the employees and management needs as well as the Technical Admins so it will be easy as possible to access remotely and otherwise. This is what I call commonsense policy.
What about penetration from outside events, threats along with internal threats or from former employees?
A balancing act between what is wanted and needed to protect the business is needed. Outside third party consulting may be the best practice with today’s threats. Policy makers need to focus on the main objective here. The business needs makes policies that need to be monitored closely and consistently.
Too often Policy is over looked for one reason or another. With vulnerability lurking just around the corner, it is well to know you have a secure system. There is a renewed interest in security policy. Far behind where it should be today, however there are policies that are designed to continue expansion outside the traditional boundaries of an organization with their partners and contractors which build a closer tie-in to responses to the businesses endurance should a disaster occur. Many external relationships with vendor products are very demanding. With the vendor wanting to review security policy and configurations before doing business to ensure that the transfer of information and Intellectual Property will be secure.
Securing data begins at home
Logical Data is protected through cooperation within the organizations boundaries. Keeping passwords privet is number one. Laws now protect the end-user from giving up their passwords to Admin personal. Admins should have their own passwords; however that is not a cure-all. Sometimes the work has to be done in user mode.
Employer’s need to have at least one safety meeting once a year to remind employees the risk involved with telephone solicitations, IT fraud, and so forth and most of all never giving up their passwords, along with deploying a strong password policy.
This awareness will only work on a human level if the participants are willing to follow the rules, which should include; no more minimum requirements in a security policy, strong password protection, trusted relationships with vendors, understandable maintenance policies.
With external threats on the rise
When connected to the internet vulnerability increases 3 fold, visibility (exposure), bandwidth (and IP address), and the length of time spent on a particular site. Exposure is the key to the outside hacker, watching your every move gaining information that can bring your business to its knees.
Physical stopping power is needed. Installing a Fire Wall security system before the server this will insure the protection of external threats through Spam, e-mails and web-browsing attempts.
One simple rule to keep in mind when it comes to choosing the level of a fire wall needed is. How much information do you want to keep and how much can be lost. In other word how much value do you put on your personal, privet and company information? Gauge your strength of security on this bases, follow through with a policy, deploy educate and remind.