IT Security checklist

IT security is an ever-increasing challenge. Here is a list of security considerations and what to implement to improve the protection of your organisation and its IT resources.

  1. Have the conversation – talk to your IT provider about how your security can be enhanced, or call King Computer Solutions on 1300 54 64 74 to have the discussion. Security should be a top management consideration. A security breach can destroy your operation. Breaches are a frequent occurrence, with 1 in 4 organisations suffering one. Remediation can easily cost tens of thousands, and in some cases millions, of dollars. Make security part of your policies, procedures and induction training.
  2. Understand your organisation's risks – what sensitive data do you have, where is it located and who has access to it? Limit and monitor access. Safetica is our tool of choice for clients' data loss prevention; you can read more about it at https://www.safetica.com/. It monitors and limits all information flowing out of the organisation, including files copied to USB, mobile phone data access and documents sent out via email or other methods. It audits access to all documents on your server, monitors who is accessing them and provides alerts on suspicious document access behavior. If there is a data breach you will be able to get reports on exactly what data was compromised, to report to relevant parties and to assess what needs changing to minimize damage.
  3. User awareness training – do users know not to click on links in emails from unknown senders, how to check the address a link is actually taking them to, and to confirm by phone if a supplier requests a change of bank account details by email or on an invoice? Implement procedures and training to regulate high risk behavior, such as control of bank account transfers. This is a key part of securing your organisation: no matter how much IT security is implemented, accidental or intentional misuse can defeat any technical control.
  4. Have an incident response plan – what steps do you take when you become aware of a breach? Is auditing in place to accumulate information on what has been accessed? How do you notify relevant clients, suppliers and regulators of the breach?
  5. If you don't need RDP, make sure it's turned off – limit remote desktop access to your internal systems. A compromised remote desktop host is the foothold from which the rest of your network can be attacked or your data encrypted for a ransom.
  6. Have a suitable firewall, limit access and consider using a virtual private network (VPN) for connections from outside your network – minimize the open ports and encrypt traffic to your internal systems. Require a 2 step process to access resources. Limit which countries or IP addresses can have access. We use and recommend Sophos XG firewalls (previously Cyberoam), winner of the best threat intelligence technology award. Limiting all forms of access to Australia only will stop about 99.9% of attacks immediately, particularly the high volume we see coming from China, Ukraine, Russia, France and the USA.
  7. Use two factor authentication (2FA) wherever you can – add an extra layer of login security to minimize access through compromised passwords. This is particularly important for administrative users, who have higher privileges.
  8. Patch early, patch often – have a monitored patch management system which patches not only Windows but also third party applications, and which alerts you when patches are out of date. If you have not upgraded to the latest operating system, such as Windows 10, implement a plan to do so. Microsoft has discontinued support for Windows 7, so no more patches will be released; the operating system is over 10 years old and systems running it should be replaced or upgraded. King Computer Solutions can provide proactive patch management updates and monitoring as part of our managed service solution.
  9. Have a secure password policy – start with a complex password policy enabled, don't let users re-use passwords from other sites for their domain login, and set a policy which locks out an account after 5 failed attempts. Install software to alert administrators when a lockout occurs; Netwrix Account Lockout Examiner, free software you can run on your domain controller, is one option: https://www.netwrix.com/account_lockout_examiner.html. If lockouts are occurring, examine when and where the attempted breaches are coming from and block the source.
  10. After an attack, check to see what the crooks have changed. Have users reset passwords immediately. If you use Safetica you will have a full log of what has been done. If not, you need to implement some form of auditing and alerting capability BEFORE an attack is detected.
  11. Check your own leaked password data on haveibeenpwned.com. Billions of users' credentials have been compromised. Ensure you update any leaked or common password credentials.
  12. Use highly rated, commercially supported, monitored antivirus software. Don't rely on Microsoft's built in security. Use a centralized solution that monitors, updates, scans and provides alerts across all your systems, and ensure all systems accessing your network are protected. We use a Bitdefender based antivirus engine, the winner of many independent lab tests: https://www.av-test.org/en/av-test/marketing/bitdefender/. Our managed solution provides centralized monitoring for all the hundreds of systems we look after, with alerts when AV engines have not been updated or have not run a scan recently. We schedule daily scans for all the computers we monitor.
  13. Have a disaster recovery plan with suitable onsite and offsite backups. Besides protecting against hardware failure, fire, theft, or accidental deletion or changing of data by users, backups are your defence against ransomware, a commonly deployed method which encrypts your documents and makes them unrecoverable. Hackers who get into some companies also destroy attached backups to ensure their ransom must be paid. You should have the ability to restore and recover everything quickly, from the prior version of an individual document to entire servers. King Computer Solutions provides disaster recovery solutions which can have your servers up and running again in under 30 minutes, even in the case of complete primary system loss. Our monitored offsite backup solution provides daily reporting on backup events and efficient, encrypted, cloud hosted protection of your important data.
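
For item 9, an added Python example (not from the page, and not part of any Netwrix product) that does the "when and where" analysis on an exported Security log: it keeps only account lockout events (Windows event ID 4740) and flags any source that locks out several different accounts within a few minutes. The export format, hostnames, users and timestamps are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export, one Windows Security event per line as
# "timestamp|event_id|target_user|source". Event ID 4740 is "A user
# account was locked out"; its Caller Computer Name is where the failed
# logons came from. 4625 (failed logon) lines are there for contrast
# and ignored. Hostnames, users and times are all made up.
SAMPLE_EVENTS = """\
2024-05-03 02:11:05|4625|jsmith|WS-RECEPTION
2024-05-03 02:11:09|4625|jsmith|WS-RECEPTION
2024-05-03 02:11:14|4740|jsmith|WS-RECEPTION
2024-05-03 02:11:20|4740|mlee|WS-RECEPTION
2024-05-03 02:11:31|4740|admin|WS-RECEPTION
2024-05-03 02:12:02|4740|finance|WS-RECEPTION
2024-05-03 09:30:44|4740|ajones|LAPTOP-AJ
"""

def parse_lockouts(text):
    """Return (timestamp, user, source) tuples for 4740 events only."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, source = line.split("|")
        if event_id == "4740":
            events.append((datetime.fromisoformat(ts), user, source))
    return events

def suspicious_sources(events, window=timedelta(minutes=10), min_users=3):
    """Sources that locked out >= min_users distinct accounts inside window.
    One user locking themselves out is noise; one source locking out several
    accounts within minutes is password guessing, and the address to block."""
    by_source = defaultdict(list)
    for ts, user, source in sorted(events):
        by_source[source].append((ts, user))
    flagged = {}
    for source, hits in by_source.items():
        for i, (start, _) in enumerate(hits):
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[source] = sorted(users)
                break
    return flagged

if __name__ == "__main__":
    lockouts = parse_lockouts(SAMPLE_EVENTS)
    for src, users in suspicious_sources(lockouts).items():
        print(f"ALERT: {src} locked out {len(users)} accounts: {', '.join(users)}")
```

The single lockout from LAPTOP-AJ is reported as normal; the receptionist's workstation, which locked out four accounts in under a minute, is the source to block.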

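A worked example of the password side of item 11, as added Python that is not code from the page or from haveibeenpwned.com: it uses the k-anonymity design of the public Pwned Passwords range API, so only the first five characters of the password's SHA-1 hash are ever sent. The range response below is constructed for the example (the counts and two of the suffixes are made up); `live_fetcher` shows the equivalent real call and is the only part that needs a network.

```python
import hashlib
from typing import Callable

# Constructed stand-in for a Pwned Passwords "range" response. The real
# service answers GET /range/<5 hex chars> with one "SUFFIX:COUNT" line
# per breached SHA-1 sharing that prefix. The first suffix is the real
# SHA-1 of "password" minus its prefix 5BAA6; the counts and the other
# two suffixes are made up for this example.
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
00000000000000000000000000000000001:2
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:17
"""

def sample_fetcher(prefix: str) -> str:
    """Offline stand-in for the HTTPS call; ignores the prefix."""
    return SAMPLE_RANGE_RESPONSE

def live_fetcher(prefix: str) -> str:
    """Real lookup against api.pwnedpasswords.com (network required)."""
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "kcs-checklist-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Times `password` appears in the breach corpus (0 = not found).

    Only the first 5 hex chars of the SHA-1 leave the machine; the other 35
    are matched locally, so the service never sees the hash or the password.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0

if __name__ == "__main__":
    for pw in ("password", "c0rrect-h0rse-battery-staple!"):
        hits = pwned_count(pw, sample_fetcher)
        verdict = f"seen {hits} times, reject" if hits else "not in sample corpus"
        print(f"{pw!r}: {verdict}")
```

Swap `sample_fetcher` for `live_fetcher` to check a candidate password against the real corpus before allowing it at a password reset.
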
We hope you find this checklist useful. Feel free to share or link to it.