When business people read that they should secure their network, most assume their IT people are taking care of it. How can you be sure? Answer – you trust them. Great, but what if they aren’t staying current with technology and are using old techniques…
You may trust them, and they may be doing what they know how to do, but you still have vulnerabilities. In a recent article in InformationWeek magazine, Greg Shipley, Tyler Allison, and Tom Wabiszczewicz write about five essential lessons they learned from real-world problems.
These lessons are:
1. Get serious about web security. Make sure the applications that are running on the web are secure. Just because you have a firewall and antivirus software does not mean that someone can’t attack your web site. If you have a web site that requires a user ID and password, how difficult (or easy) is it for someone to get access to your environment through it? Think of SQL injection, brute force, etc.
2. Add Secondary Controls. These include internal firewalls, encryption, and database monitoring software. Again, your internal person may tell you that yes, they are encrypting data on the database, but where is the encryption key? If the key is on the same server as the data, what is the point in encrypting?
3. Know your limits. The ability of attackers is increasing at a faster rate than the ability to stop these attackers. Even if you have up-to-date antivirus, it will not stop custom malware. Enable logs to provide a better view of where attackers went and to what level your environment was breached. Just remember that they are always trying to find ways into your system and you need to be thinking about ways to keep them out.
4. Trust but Verify. Review any third-party system that you own or are about to implement. Remember to change default passwords when deploying anything new.
5. Plan for incidents. A security breach can turn into much more than the loss of some data. Litigation can happen, and if you have rebuilt systems, wiped drives, purged sections of databases, etc., finding where the problem occurred and how to prevent it in the future can be that much more difficult.
For more information on Skoda Minotti Business Applications Consulting Services, contact us at 440-449-6800.