The increasing spate of attacks on computer networks has made cyber security a big concern for most enterprises. With more and more data online, cyber criminals have a field day, and the volumes and profits from cyber crime probably exceed those from the drug trade! In such a context, creating a solid security strategy for your business by establishing a robust security infrastructure relevant to your needs should take center stage.
A good security strategy requires understanding the true nature of threats facing the business, planning for an appropriate security architecture, selection of a suitable security suite from the range of options available, setting up the security infrastructure to protect the ecosystem, and finally monitoring and updating the same as required.
The first step toward an effective security set-up for businesses is security planning. Without proper planning, security controls are relegated to an afterthought, resulting in both weak protection and higher costs. Planning requires assigning owners to data, classifying data, understanding how sensitive information is used, and developing a security strategy and controls design.
The nature of threats and the possible security infrastructure remain the same regardless of the user or business. Different businesses, however, have different priorities. An online merchant or e-commerce establishment, for instance, needs to focus more on credit card security and data integrity. The need of the hour is a proactive approach toward network security and enforcing some basic considerations such as safe browsing habits, state-of-the-art firewalls and antivirus, encryption systems, SSL protocols, and more.
Any company worth its salt requires a computer security policy that specifies the dos and don'ts and instructs new employees on how to use computers responsibly. A good policy covers personal use of office computers, a password policy, a laptop usage policy, restrictions on unauthorized devices, and more, and is the foundation on which network security rests.
Purchasing the latest product the security market has to offer is the wrong approach to network security, for the best product available may not be the most effective for a specific need. A good security strategy rests on making the necessary infrastructure changes to secure corporate data, training staff to use existing tools better, and raising employee awareness. For instance, even basic components such as routers, switches, and file servers, when applied well, provide more security than a poorly configured firewall.
Hackers have easy access to servers or computers within corporations’ networks, as IP addresses are available to the public. One effective protection strategy is to use network address translation (NAT), which provides private IP addresses behind a public IP address. Corporations also need to focus on the organization as a whole, for neglecting any branch or leaving loose ends can let an attacker into a vulnerable section and, from there, throughout the entire network. Comprehensive policies and procedures to ensure this are a core part of a sound security strategy.
Training and education take precedence over technology in network security, for the best protection mechanisms become useless if the people who manage them are unable or unwilling to use them well. Determined hackers can always exploit human errors or trust, regardless of the protections or policies in place. The need of the hour is adequate awareness, which comes with training and education.
Factoring in human behavior is a critical part of computer security strategy, for even the best security and protection systems come to naught when human errors occur or when the people responsible for implementing such systems fail to do so. The major considerations should be to implement the principle of least privilege, control the access of unauthorized devices, and monitor the network. Very often, overworked security personnel overlook these points. Another major point to note is that trust and network security do not go hand in hand.
Monitoring employees is a critical component of computer security strategy, for undesired human behavior can render even the best strategy or security policies ineffective. Such monitoring, however, could create a hostile work environment. As such, intervention requires careful thought and a balancing of the pros and cons.
With telecommuting and the use of dual-purpose smartphones on the rise, keeping home and work computers safe from each other poses a big challenge. Ways to do so include adopting the latest that technology has to offer, using up-to-date and relevant antivirus and protection systems, keeping other users off both home and work computers, and being extremely careful with the use of USB drives.
Setting up a virtual private network (VPN) not only increases network security but also helps businesses comply with the growing list of laws and regulations relating to data security and increases efficiency. New LAN-style VPNs reduce the associated costs considerably, making them affordable even for individuals. Some such VPNs are Hamachi from LogMeIn, Untangle, and StrongVPN.
The major focus of any company’s cyber security strategy is to maintain data integrity. This mostly requires a layered approach to security. An understanding of how to harden end-user devices and servers against attack or inadvertent loss of sensitive information is the first step in planning a robust security infrastructure.
Any network security strategy requires the use of a good security suite. The popular security suites available on the market include McAfee, Comodo, Norton, ESET, Kaspersky, and more. Read on for a review of the latest offerings from these suites to identify the best and most relevant ones for your needs.
The core of any security strategy is identifying attackers and reducing the threats they cause. This requires understanding the who, what, when, where, why, and how of the attack, and adopting methods such as forensic analysis. The best strategy depends on the opportunity costs, and usually involves cost-benefit trade-offs.
Security Information Management (SIM) is the collection and analysis of data, such as event logs derived from firewalls, IDPS, and other security devices, to determine trends. Deploying software that undertakes this analysis provides businesses with a grasp of the latest developments and allows them to modify the security strategy appropriately.
Information systems metrics are measurements of discrete data that show the effectiveness of the security program. They identify the nature of the threats and vulnerabilities that businesses face from cyberspace. Understanding how to use such metrics allows rationalization and optimization of the company’s security initiatives.
Want to know more about creating a solid security strategy for your business? Continue with our guide that deals with comprehensive standards for small-business network security. Also, use the comments section that follows each article to have your say on the topic, seek clarifications, or request additional information from a vibrant community of authors, editors and subject enthusiasts.