How To Take Your Business Online Security to the Next Level


Businesses have been steadily increasing their online presence over the last two years as the effects of the pandemic hit. As a result, Online Security has become a major item in the IT strategic plan. While new Online Security measures have been implemented, new threats always appear, and new and improved countermeasures are needed to thwart them.

Implementing Online Security is not a one-off exercise; it is a continual battle between the Black and White Hats. Continual vigilance and keeping up to date with the latest threats is a must-do. However, it is prudent to bear in mind that the most secure site is one that hasn’t been hacked yet, so planning must also include procedures to be followed when an attack is successful.

Improving online security can be expensive when it means purchasing new appliances and software, but it can also come from implementing simple, cost-effective measures.

The FBI has said that the greatest threat to online security sits between the keyboard and the chairback. They consider that the majority of security breaches are caused by user actions and inactions, deliberate or inadvertent.

The first place to start with improving online security is therefore at the user level:

User education and training


  • Induction. New entrants to the organisation need to have comprehensive training in how to identify malware threats and what to do when they suspect that they are the target of a malware attack such as a phishing email. A cheat sheet giving details of who to contact and the immediate steps they must take makes a useful mousepad.

  • Reinforcement. After a while, security becomes part of the furniture and users begin to try to avoid or ignore it. Periodic reinforcement sessions will help prevent that, perhaps supplemented by regular newsletters giving information on the newest threats.

  • Termination. When a user resigns, or especially when they are terminated, all their IT privileges must be revoked immediately. A departing or disgruntled user can deliberately cause malware events or steal confidential information.

Desktop Configuration


The basic desktop configuration needs to be such as to minimise the possibility of users triggering a malware attack or stealing corporate information:

  • Users cannot install software or modify the PC settings or the configuration of installed software.  Two user profiles are set up on the desktop PC, one with Administrator privileges that allow IT to manage the PC, and a profile for the user with limited privileges. That can usually be managed centrally by distributing standard images.

  • BYOD devices are scanned for malware automatically before allowing full connectivity.

  • Users must not be able to switch off their anti-malware software or prevent updates.

  • Anti-Malware software is installed from a central location. It is kept up to date automatically.

  • USB ports are disabled to prevent users from attaching media to the PC to transfer data to and from home. Most domestic PC installations are considerably less secure than corporate ones, so the risk of introducing malware through sharing family pictures is high.

  • Where possible, data is kept on a network data server.

  • Block Internet access to public storage such as DropBox.

Central Systems


Most IT infrastructure is built around a core, distribution, and access layer organisation, with all the common services operated from big iron at the core. It is usually where connectivity to the Internet is housed. Guarding that potential entry point against malware and other threats is a no-brainer:

  • Keep firmware and software up to date.  New threats appear daily. It is essential to make sure that all software, especially security software is up to date with the latest patches and upgrades.

  • A firewall or firewalls are essential to block unwanted traffic and screen and filter incoming traffic. It may also be prudent to install a Web Application Firewall to help thwart DDoS attacks.

  • Careful monitoring of the DMZ interface. Some systems, especially email servers, need access both inside and outside the firewall. Management of the DMZ interface and screening of DMZ traffic is again a no-brainer. Some organisations have a second firewall between the internal network and the DMZ.

  • Network Monitoring software. Network traffic needs to be carefully monitored, especially for DDoS attacks. Most monitoring tools have filters that will issue alerts after changes in traffic patterns.

  • All network switches outside the data centre need to be secure.

  • User authority management. Have a minimum of standard access profiles and set up alerts if users try to exceed their authority.

  • All remote access is through a secure VPN that demands authentication.

  • All IoT devices in Fog Computing clouds at the network edge are in separate network segments.
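
As an added illustration of the traffic-pattern alerting mentioned under Network Monitoring software (this is not code from the original article or from any monitoring product), the sketch below flags per-minute request counts that deviate sharply from a rolling baseline. The function name, thresholds and sample counts are assumptions constructed for the example.

```python
from collections import deque
from statistics import median

# Constructed sample: requests per minute at an Internet-facing service.
# Steady traffic, a three-minute flood, recovery, then a sudden drop.
SAMPLE_COUNTS = [120, 118, 125, 122, 119, 121, 124, 117, 123, 120,
                 122, 119, 126, 900, 1450, 1600, 121, 118, 2]


def detect_traffic_shifts(counts, window=10, threshold=6.0, min_mad=1.0):
    """Return (index, count, score) for samples far from the rolling baseline.

    Baseline is the median of the last `window` normal samples; spread is the
    median absolute deviation (MAD), which a few outliers cannot inflate.
    """
    baseline = deque(maxlen=window)
    alerts = []
    for i, count in enumerate(counts):
        if len(baseline) == window:
            med = median(baseline)
            # Floor the MAD so perfectly flat traffic does not divide by zero.
            mad = max(median(abs(x - med) for x in baseline), min_mad)
            score = (count - med) / mad
            if abs(score) >= threshold:
                alerts.append((i, count, round(score, 1)))
                # Keep anomalous samples out of the baseline so a flood
                # cannot "teach" the detector that flood levels are normal.
                # Trade-off: a legitimate permanent shift keeps alerting
                # until an operator resets the baseline.
                continue
        baseline.append(count)
    return alerts


if __name__ == "__main__":
    for index, count, score in detect_traffic_shifts(SAMPLE_COUNTS):
        direction = "spike" if score > 0 else "drop"
        print(f"minute {index}: {count} req/min ({direction}, score {score})")
```

Both directions matter: a spike may be a flood, while a sudden drop can mean an upstream outage or a service that has stopped answering.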

If you have all the above in place, then you have improved your defences against potential security issues. However, remember that you will be attacked, and you must have comprehensive company-wide Business Recovery Plans to address the immediate effects and recover from the attack.
