It’s an interesting time to be working in information security. Really advanced security is within reach of even the smallest organization. Our smartphones have security locks and will increasingly have “kill switches” to wipe lost or stolen phones. Large technology vendors provide (and advertise) that they encrypt everything on-site and in transit across the internet so, ahem, no one can snoop.
With commonly available approaches and many more becoming more accessible, which technologies are right for your organization as it considers important issues of security and privacy? Which approaches are the most effective at ensuring that your data is safe? In this blog post, I will start with specific ways to build this foundation and then look at a broad survey of approaches to layer on security. Finally, we’ll end on, arguably, the most important part – making a security plan that fits your organization. The fact that it fits your organization means effort and money will be spent wisely.
By “good foundation” we mean starting with these three components:
1. Backups: Make sure you have good backups that happen frequently and can be accessed easily in case of an emergency
2. Antivirus: Install and regularly update ffective antivirus and malware software on all workstations and servers
3. Patching: Ensure that all computers and networking equipment is patched regularly
Start with a good backup plan to protect your data. Backups are probably the most complicated of these three components. You need to know how often data is backed up, how far back you can recover, how fast, how much effort, etc. Create a plan that works best for your organization and stick with it. We use backup to disk and cloud approaches such as the one offered by Asigra. We can monitor this for our clients very easily. Many of our clients are using Backup Exec to tape or disk which provides alerts in the event of failed jobs which is critical. There are other options but we consistently choose these.
Antivirus is by no means guaranteed security, but it is a good base layer for securing computers. On Windows, Community IT likes to use Vipre as it’s small, has light impact on computers where it is installed. For Macs we’re using Webroot. I won’t even pretend that these are perfect but if it’s kept updated by reputable companies, doesn’t impact performance much and can be monitored then they are winners for us.
This combined with updating your computers and other network equipment protects your resources from the most common attacks and viruses. Unfortunately, it is still common that the biggest compromises are due to weaknesses in computer operating systems that are well known. Besides computers for staff, servers, firewalls, wireless access points and mobile devices need to get the latest patches.
Community IT provides centralized methods of monitoring AV and patch/update status for most of the equipment on a network. Simply being committed to updating computers and reading the monthly status reports is one of the simplest ways for a small or medium-sized organization to stay on top of these recommendations.
Read Part 2: IT Security Essentials & Best Practices »