How To Close Up Vulnerabilities In Your Company’s Network
There are many ways that a hacker can enter a network and there are new entry points showing up constantly. Typically, a hacker exploits a vulnerability, the vulnerability is reported and then a fix is released. While you can never completely protect your data 100%, you can make it more difficult for an attacker to get in or get what they want by doing some of these things:
- Patching Software
- When attackers exploit Windows or Internet Explorer or any other application, security patches are released to plug the hole. Microsoft is being more aggressive with this in new versions of Windows but you have to pay attention to all software as it is just not Microsoft anymore. Adobe, Chrome, Firefox and other applications need to be updated to plug the holes.
- What You Can Do: Microsoft Service Providers and internal IT departments are utilizing RMM (Remote Monitoring and Management) applications that take care of patch management and can notify you if software is out of date. These are typically per-device -per-month services that add large amounts of value.
- Public Drives
- Most companies have public drives that allow the organization to share data. Many of these are open to all users who authenticate. If there is any data that is confidential on these drives, hackers will go to this first as it is “low-hanging fruit.”
- What You Can Do: begin limiting the use of public drives to non-confidential information. If you need to share confidential information, utilize a Document Management System or lock down the folders with tight permissions for specific users.
- Mobile Device Management and Laptops
- With an increasing number of users in the workforce going mobile, new threats have emerged with this mobility. Laptops are targets of theft along with mobile devices and many of these have company email and documents.
- What You Can Do: First off, encrypt any device that has the ability to be encrypted. This will require a thief to know the password of the machine to get the data. For all devices, utilize a mobile device management tool (Office 365 uses Intune) to control and wipe these devices if necessary. Any newer Exchange Server or Office 365 Email Account can remotely reset a mobile phone to factory defaults the next time the phone connects to the email account.
- Remote Access
- Also increasing in popularity is working from home. Any time you allow an outside PC to connect to your network, you open up your systems to new vulnerabilities. Most home PCs do not have proper anti-virus protection and the amount of Internet traffic is usually higher resulting in greater risk.
- What You Can Do: Ensure any device connecting to your network has the following:
- Secure VPN tunnel – Never open up Remote Desktop (RDP) access through the router. Use your firewalls recommended VPN connection or use a service like LogMeIn Hamachi.
- Require in your policies that all home users have anti-virus and are patched.
- Require in your policies that all home users have strong passwords.
- It is always best to have a company owned device that is under control sent home with the user if possible.
Evaluate Your Cybersecurity Preparedness with This Checklist
Tips specifically for PC/Laptops, Servers and Smartphones
Here are some tips that should be standard for all organizations to ensure their systems are not easily infiltrated by an outside party:
- Utilize disk encryption for any laptops or devices with important information.
- Always have strong passwords.
- Do not give your user full control permissions to the local PC.
- Never store any protected information to a local PC or send via email.
- Keep all applications up-to-date with supported versions and patches.
- Definitely utilize disk encryption.
- Never store non-public data (social security numbers, credit cards, etc.) in any folders or public drive.
- Ensure the server is never logged in for someone to walk up to and use.
- Ensure anti-virus is up to date, server is patched and supported versions of all software are used.
- Ensure you have a 3-2-1 backup solution:
- Three (3) copies of your data (production and two others)
- Two (2) different media types (disk, cloud, NAS, USB)
- One (1) off-site copy
- Make sure you have a Disaster Recovery Plan in place and it is communicated.
- Mobile Devices and Smartphones
- Have clear policies in place for mobile device use with company data. This includes password complexity and the company’s ability to remotely wipe a device if necessary.
- Utilize a Mobile Device Management tool like Intune to control company and personal devices to ensure company data is protected.
- Familiarize yourself with how to wipe your device if your company uses Microsoft Exchange or Office 365 Email in case your device gets stolen.
July 17, 2018
Cybersecurity is for every company. Cybersecurity isn’t reserved for major corporations that collect huge sets of credit data and personal information. Every company that relies on the internet must be aware of… Read more