IT Security - 6 Areas to Consider

We all know that technology moves on very quickly in IT; there is always a new product or solution to bring benefits to an organisation. However, there are some areas of IT that also progress and become more complicated and one of those is security.

10 years ago, threats like computer viruses, malware and other security risks were far less complicated than they are today. Since then, these clever little bugs and viruses have become more intelligent, requiring IT to keep up the pace and find new ways to protect you.

We wanted to highlight some of the key areas that we feel are important and would recommend any organisation to review their IT security and see how up to date it is.

1. Mail Filtering

Email is such a massive part of our daily lives, especially in business with over 2 million sent every minute in the UK. Not something to be underestimated, if you think about what an email is you'll find out that it’s more than just a message with text.

Organisations go to great lengths to get things like firewalls and anti-virus in place, but often have their emails filtered on their local server / exchange. What happens if your contact has a virus on their computer and then emails you, unknowingly infecting that email message and ultimately your network? There are steps that can be taken to prevent this from happening.

Instead of filtering your emails on your local server / exchange, best practice these days is to have your mail filtered remotely, finding those malicious viruses, spam messages and harmful bugs before they reach your network. This remote filtering has some key benefits that we urge our customers to consider. Implementing this type of solution will:

  • Reduce the risk of infections reaching your network
  • Only deliver clean emails to your users, removing spam
  • Reduce the risk of you forwarding the infection to your contacts
  • Free up essential internet bandwidth that would have normally been downloading spam messages
  • Reduce the amount of processing the server commits to filtering this mail traffic
  • Allow users to safely review captured emails and release genuine business communications to their mail client

These things can be put in place as long as you have the right solution. There are lots of solutions out there, such as the one we use for our clients called Thor Internet Security.

2. Web Filtering

So you have your remote mail filtering implemented, but still have infections being seen now and again on your network? Have you considered the source of these infections?

Another area that in recent years has become a gateway for viruses, malware and other infections is internet browsing. With the plethora of internet browsers available and the increased amount of business conducted across an ecommerce platform, this is one part of your network that should be secured and filtered.

Web filtering can be easily implemented, policies can be introduced and a significant reduction of risk can be seen by all internet users. Mirus use a solution that enables you to protect users from malware, botnets and phishing, and enforce acceptable policies without deploying an appliance or managing software. We can get it up and running immediately while reducing the cost and complexity associated with Secure Web Gateways.

Some levels of reporting can be required from a client to monitor users’ browsing activities, reviewing the productivity of a workforce. This can also be achieved with the right solution, including the ability to control browsing policies whilst a user is working remotely or not on the corporate network.

This level of control is not always needed but does have a number of benefits. The key is to ensure your web filtering solution is in keeping with your business policies and culture.

3. Wireless SSID and Guest

Nearly every business broadcasts a wireless network, allowing their staff to connect without plugging in network cables, using devices in meeting rooms, hot-desking, using mobile devices and so on. However, a simple layer of security is often not put in place; the separation between internal and guest access.

Have you ever had a visitor come to your premises and connect with a network cable? Often the answer is no because people associate a network cable as being a security risk if they are not using a company approved device. However, often a wireless SSID key is shared with these visitors, granting them access to the internet and perhaps unknowingly putting their network at risk from a potentially infected piece of hardware. If the visitor’s device had a virus on it for example, it’s possible this could find its way onto your network if the appropriate measures have not been put in place.

So splitting your wireless access is a great way to protect yourself, allowing guests to connect via a guest Wi-Fi key, and internal staff to connect using a secure and private Wi-Fi key. With the majority of wireless devices that exist today you can implement this without cost: it simply needs to be configured.

4. Anti-Virus

Everyone should have anti-virus on their devices. Even home users can obtain certain free products that offer a basic level of protection. In business, it’s best practice to have an anti-virus product that covers all your devices and is regularly updated. There are certain solutions, one of which Mirus use with their clients that allows for further integration and makes proactive IT support that much better.

Not only can you have an anti-virus package that updates regularly but also one that can be monitored by your IT support company, alerting when there are potential viruses or infections, thus allowing for rapid response to remove the threat. Other features exist that allow for forced updates, which are tested and pushed out without relying on the user to do so. This is what we recommend: true “endpoint protection”.

5. Data Security

Data security is always a hot topic and organisations invest lots of money in clever disaster recovery solutions and introduce strict data protection policies.

However, there is an obvious method in which infections can enter a network and infected files can be transferred off your network, including sensitive information. We are talking about removable media.

Removable media, such as USB sticks, USB Hard drives, SD Cards, DVD-R etc., can easily be plugged into your corporate laptop or desktop via USB ports or card slots. This method of data transfer with devices like USB sticks can be very handy and great for quickly grabbing some info to move to another device. But have you considered the security implications around this? What if your device has personal data on it as well and it’s infected? You could innocently be using the device whilst infecting your work machine. In addition to this there is data security. We’ve all heard the stories of certain government bodies leaving devices on trains and cafes etc. What’s to stop an employee copying sensitive data onto a removable device and then losing it?

Solutions now exist that enable a business to protect itself from these risks. Products can be implemented that allow for control over USB devices, either stopping them completely or at least securing them with passwords and encryption. These solutions include benefits such as:

  • Lock down of USB / Media ports
  • Encryption of removable media
  • Data fingerprinting
  • Reporting on who is copying data
  • Enforceable policies & central management
  • Compliance and protection against negligence

6. Passwords

We all have a multitude of passwords for various facilities even in our personal lives and while it can be a pain having to remember them, it’s actually very important to have them. In an IT environment passwords are often one of the only security measures in place to protect access to business data or services. You should avoid having the same password for more than 1 user as this can lead to sensitive data being exposed or shared when it shouldn’t.

Another thing to consider is a password policy that frequently requires your users to change them. It’s good practice and we encourage customers to do this. If someone in your workforce leaves, it’s also a good idea to change the policy then too to avoid a breach of security from outside of the organisation.

When choosing a password, it’s best to have some sort of complexity. Sometimes they can be too complex and people can easily forget, so it’s a good idea to consider how complex you want them to be.

Here’s a guide to choosing the right password:

  • An ideal password is long and has letters, punctuation, symbols and numbers.
  • Whenever possible use eight characters or more.
  • Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security and then they try to use that same password and user name in more secure environments, such as banking websites.
  • Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
  • The greater the variety of characters in your password the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
  • Use the entire keyboard, not just the letters and characters you use or see most often.

Security review

Being proactive with IT should include regularly reviewing certain aspects such as security. It’s good practice to check these things out and see what the latest technology is. Even though you may have implemented something a while ago, it doesn’t hurt to spend a little time making sure it’s still relevant to your business and still brings a benefit.

As we started off saying in this post, technology moves on quickly. If you don’t keep up there could be areas of your IT that are lacking and could potentially lead to issues that cause disruption to business. Don’t leave it too late, there’s no time like the present!