Author: Matt Irving
Certs: PMP, Security+, Network+, A+, Project+, Cloud+
Languages: PHP, Python, JS, HTML, CSS, SQL
With major data breaches becoming an almost weekly occurrence, it's only natural to wonder if your business could be next. Most data breaches occur when hackers exploit the weakest link in any network: the user! Cyber criminals can destroy your network and steal your data if they obtain the right login credentials. To prevent this, here are a few technical and general security-related measures you can take.
Restrict Personal Device Usage
Training your employees on proper computer usage is paramount in keeping hackers out of your network. Consider implementing a corporate cyber security policy that all employees must adhere to, or else! Ensure that your policy details, specifically, what devices are allowed in or around company computers. Common devices to bar from network and computer areas are:
- Flash Drives | Why? Nefarious employees can use these devices to download sensitive data and use it for personal/financial gain. There is also the possibility of an innocent employee accidentally propagating malware through the network by plugging in an infected flash drive. How Can I Stop This?: Most operating systems come with the option of disabling the use of external storage devices. Simply implement a Group Policy (Windows Users) and disable the functionality.
- Cell Phones | Why? Some employees may want to use their computers to charge their cellular devices in the event they don't have an AC adapter. Since cell phones also function as external storage media, you run the same risk as you do by permitting flash drive use. How Can I Stop This?: Implement the same Group Policy you did to stop the flash drive usage.
- Personal Computers/Tablets | Why? Allowing personal devices to join your company's network can lead to sensitive data being stored on the employee's potentially insecure device. Should this device be stolen or lost, trade secrets, social security numbers and other vital information could end up in the hands of a criminal. How Can I Stop This?: Enforce a strict ban on personal computing devices at work. Do not allow employees to use their personal devices at work under any circumstances.
Hold Quarterly Safe Internet Usage Meetings
Having regular information sessions on the practice of proper computer usage can help build cyber security conscious employees. During the meetings, make sure you teach employees how to spot potential threats and whom to report them to.
Here are some common threats and how to spot them:
- Phishing: This occurs when a hacker sends an email to a person in hopes of gaining useful information such as a password or account number. Unfortunately, there is no way to really prevent these messages from being received. SPAM blockers do a pretty good job of preventing the bulk of it from making it into the main inbox, but oftentimes a few will weasel their way in. How To Spot Them: Anything that looks suspicious probably is! If you receive an email from someone you don't know or a domain (name following the @) that you do not recognize, do not open it. Alert your IT team immediately and refrain from clicking the email. Be wary of subject headers like 'I need your password' or 'Important, Must Read Now'. These are likely hackers trying to elicit an emotional response from you to get the information they desire. In my article 'How To Browse Safely Online', I detail this attack method further.
- Trojan Horses: Named after the famous attack pulled off by the Greeks against Troy, a Trojan Horse virus disguises itself as something harmless or useful like a free anti‐virus software download. As such, these threats are difficult to spot, but a dead giveaway is an offering of a free version of paid subscription software like MS Office or Photoshop.
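The phishing checks described in the list above (an unrecognized sender domain, a pressure-laden subject line) can be run as a first-pass filter on mail that employees report. The script below is an added example, not part of the original article; the trusted-domain list, the phrase list and the sample messages are assumed, constructed values. It goes one step beyond the text by also flagging near-miss lookalikes of a trusted domain, which are built to pass a quick glance.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; substitute your organisation's own.
TRUSTED_DOMAINS = ["corp.example"]
PRESSURE_PHRASES = ["i need your password", "important, must read now"]


def sender_domain(msg):
    """Domain of the real address in From:, ignoring the display name."""
    _display, address = parseaddr(msg.get("From", ""))
    return address.rpartition("@")[2].lower()


def triage(raw_message):
    """Return the reasons to report a message to IT (empty list if none)."""
    msg = message_from_string(raw_message)
    reasons = []
    domain = sender_domain(msg)
    if not domain:
        reasons.append("no parseable sender address")
    elif domain not in TRUSTED_DOMAINS:
        # A near-miss of a trusted domain is reported separately from a
        # plainly unknown one, because the eye tends to accept it.
        close = difflib.get_close_matches(domain, TRUSTED_DOMAINS, n=1, cutoff=0.85)
        if close:
            reasons.append(f"lookalike of {close[0]}: {domain}")
        else:
            reasons.append(f"unrecognized sender domain: {domain}")
    # Normalise case and whitespace before matching subject phrases.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    for phrase in PRESSURE_PHRASES:
        if phrase in subject:
            reasons.append(f"pressure phrase in subject: {phrase!r}")
    return reasons


# Constructed sample messages (not real mail).
SAMPLES = {
    "colleague": "From: Pat <pat@corp.example>\nSubject: Lunch menu\n\nHi",
    "lookalike": "From: IT Support <help@c0rp.example>\nSubject: I need your password\n\nNow",
    "stranger": "From: promo@unknown.test\nSubject: IMPORTANT, must read now\n\nClick",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The check reads the address inside the angle brackets, not the display name, so a message labelled "IT Support" is still judged by its real sending domain.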
Also, let employees know what kinds of sites are appropriate to use while working. If applicable, read aloud the list of pre‐approved websites and programs. It's important to let everyone know where they can and cannot visit.
Try to keep the meetings fun and avoid using too much industry-specific jargon, which will almost certainly lose the audience's attention. Try to make it memorable by ensuring the meetings are enjoyable for all.
Harden Your Network
You want your network to be as impenetrable as Fort Knox! Or at the very least, difficult enough to penetrate that hackers move on to easier targets. With your end users trained on how to spot and avoid threats, it's now time to fortify the devices themselves.
In no particular order, here are common devices in your network and how to harden them.
- Router/Modem: These devices serve as a gateway to the rest of the world via the internet for your network. How To Harden: To harden it, you'll need to implement a strong password for wireless connectivity and only share it with those who need it. Also, turn the power level on your router down to the minimum needed for connectivity. This power level determines how far the signal will travel from your router. You'll want to have it strong enough to reach devices in your building but not so strong that it travels outside your walls. Once that signal leaves your walls, anyone standing close enough can intercept it and possibly breach your network. You may also want to create two separate networks, one for guests and one for your employees. This will prevent anyone from gaining unwanted access to your network resources.
- Switch: Your network switch is what connects all the computers and devices in your network together. Without it, computers would have a very difficult time talking to each other! How To Harden: Disable any unused ports on your switch. Leaving an unused port open can allow a hacker to plug directly into your network and access your valuable resources.
- The computers: These are the most important devices in your network and will need top-notch protection. How To Harden: Laptops are at greater risk than your tower-based PCs as they can easily be carried away in a bag without someone noticing. For this reason, adding cable locks while devices are not in use is vital to the safety of your data. All computers need to be outfitted with strong anti‐virus and malware protection software like McAfee or Norton. Make sure your security software can restrict the types of sites employees are allowed to visit. In addition to the security software, add a tinted protection screen to your company's monitors to prevent any passersby from peeking at sensitive information.
The methods above will help you fortify your network and mold informed, hyper‐vigilant employees. They are your greatest defense against the cyber criminals who seek to breach your network and exploit your data. Make cyber security a partnership between you and your employees. Doing so will undoubtedly help prevent a data breach at your company.