Ten Security Strategies for Your Business

By Stacey McDaniel

The security landscape is constantly changing, so the threats your business faces today are different from the threats of a year ago -- or even six months ago. Here are a number of measures that business owners, IT staff, and end users can take to protect themselves against malicious activity.

A good place to start is to employ defense-in-depth strategies including the deployment of IDS/IPS solutions, antivirus and antifraud solutions, as well as a firewall. Also, stay informed by reading about the threat landscape so you know what you're up against. Antivirus definitions should be updated regularly and all desktop, laptop, and server computers should be updated with all necessary security patches from their respective vendors. Implementation of a Network Access Control (NAC) solution is highly recommended to control and monitor access to your network. To help prevent accidental or intentional data leaks, businesses should employ data leakage prevention solutions. Businesses are also encouraged to develop and implement policies that prevent users from viewing, opening, or executing any email attachment unless the attachment is expected and comes from a known and trusted source.

The best defense
Here are our top ten security recommendations for your business:

   1. Scrutinize email. Educate employees about safe email policies. These  include: never opening email attachments from unknown senders and never responding to spam. In order to limit the propagation of email-borne  threats, email attachments should be scanned at the gateway.  Additionally, all executable files originating from external sources, such as email attachments or files downloaded from Web sites, should be treated  as suspicious.

   2. Utilize Network Access Control. All network-connected computers and  inbound/outbound traffic should be monitored for signs of unauthorized  entry and malicious activity, ensuring that any infected computers are  removed from the network and disinfected as soon as possible. Also,  create and enforce policies that identify and restrict applications that can access the network.

   3. Patch your holes. To ensure you have the latest protection, always apply operating system and security software updates and patches as soon as they are released. To protect against successful exploitation of Web browser vulnerabilities, upgrade all browsers to the latest versions.

   4. Encrypt data. In the case of theft or loss, the compromise of data can be averted by encrypting all sensitive data. Encryption should be part of a broader security policy that businesses should develop, implement, and enforce to ensure that all sensitive data is protected from unauthorized  access.

   5. Use layered security. Employees and other end users should employ  defense-in-depth strategies, including the deployment of antivirus software and a firewall. Antivirus definitions should be updated regularly, and all  desktops, laptops, and servers should also be updated with the necessary  security patches from the operating system vendor. Also, make sure to  enable the security settings on Web browsers and to disable file sharing.

   6. Back up data. For any number of reasons -- natural disasters, human  error, hardware failure -- your IT system could be brought down. Therefore  it is critical to back up important data regularly and store extra copies of this data off site. Also, since it is easy for storage tapes to get lost, stolen, or damaged in transit, encrypting those backup stores is a good idea.

   7. Manage vulnerabilities. In addition to staying up to date on patching, an asset management system can be used to track what assets are deployed on the network and to determine which ones may be affected by the  discovery of new vulnerabilities. Vulnerability management technologies  should also be used to detect known vulnerabilities in deployed assets.  Once identified, unpatched vulnerabilities should be assessed and  mitigated according to the level of risk.

   8. Use strong passwords. Users should employ strong passwords of at  least eight characters and combine alphanumeric and special characters.  Change all passwords every 45-60 days to make it more difficult for  intruders to access your data.

   9. Stop spam. Spam is the leading source of malware entering networks  today. Spam not only diminishes productivity, it also puts a strain on  storage and bandwidth requirements. Employ anti-spam solutions to  proactively protect your environment.

   10. Don't forget physical security. There are a number of routine things you can do to strengthen your business's security. These include: using the screen-locking feature when away from their computer, shutting the computer off when done for the day, locking laptops with a cable, not writing down passwords, and being extra mindful of physical security of PDAs and handheld devices, which are a popular target of thieves.

Stacey McDaniel has been writing about high-tech issues for more than six years.