How secure is your Enterprise security?
First off, happy new year – even though it already feels like the holidays were a long time ago! We hope the first weeks of January have treated you well.
While we’re all looking forward to whatever 2019 has to offer (and we’ve got some exciting projects in the pipeline to tell you about), we thought we’d use the first blog of the year to reinforce what your business should be doing to keep your systems secure and protected. Recent research suggests that small UK businesses battle an average of five cyber-attacks a year, with 17% of companies facing at least one attack annually and 2% of companies being attacked up to twenty times per annum [1]. No matter how big or small your business is, you will always be a potential target for attackers. That’s why, where your data security is concerned, it’s important to be proactive and never leave anything to chance.
With that in mind, here are our top tips for keeping your Enterprise security as solid as possible:
Ensure all your employees understand the importance of data security
Data security is everybody’s responsibility, so make sure your employees know (and follow) your data security procedures and fully understand their obligations to both your business and the Data Protection Act. Make it clear that moving company data through unsanctioned consumer file-sharing services such as Dropbox or Google Drive, or through personal email accounts, puts that data outside the controls you can monitor and increases the risk of a breach, and review your data security policies regularly.
Ensure you have a password management and rules policy
According to some statistics, 73% of users reuse the same password across multiple sites and 33% use the same password every time they log into a system. Reuse is exactly what makes credential stuffing work: a password leaked from one site is simply tried against every other. That’s a big reason why your business should never allow simple or reused passwords and, wherever possible, should rely on stronger authentication than a password alone. Even a password that looks like an obscure letter and number combination can be cracked quickly by an attacker who has obtained the password hash, because cracking tools test enormous numbers of guesses against common patterns.
Disable SSH password authentication
Instead, use a Secure Shell (SSH) key pair. A key cannot be guessed or phished the way a password can, and OpenSSH lets you switch password logins off entirely (PasswordAuthentication no in sshd_config) while still supporting other authentication methods, such as keys, certificates, or keys combined with a second factor. However, even with SSH keys there’s still one big security point to remember:
Don’t share your SSH keys with anybody
SSH uses a key pair: a private key and a public key. The public key is the one that goes onto the servers you log in to (in ~/.ssh/authorized_keys), so if you’re ever asked to hand over your SSH key, make sure it’s only the public key you give away. Anyone holding your private key can log in as you, so it should never leave your own machine; keep it readable only by your account (file permissions 600) and protect it with a passphrase. The private key is for your eyes only (with apologies to anyone who’s going to spend the rest of the day with that James Bond theme stuck in their head.)
But, if you’re determined to keep using those easy-to-hack passwords…
Enforce regular password resets
Passwords should be changed at least every 30 days, and the new password should be completely different from the last one, not the previous password with a new number attached. A long password combining numbers, symbols and uppercase and lowercase letters is recommended; avoid predictable letter or number sequences and dictionary words. One caveat worth knowing: the UK NCSC now advises against forcing routine expiry on its own, because it pushes users towards predictable variations of the old password. The reset that matters most is the one made immediately after a suspected compromise.
Use 2 Factor Authentication wherever possible
2FA requires both a standard password and a one-time code from an approved second device, such as an authenticator app or a hardware token. If you use online banking you’ll probably already be familiar with the concept. It’s a useful extra layer of security, especially if you’re not going to take the SSH key route, and it can be combined with keys as well.
Keep system access to a minimum
Make sure that the only people who have access to your systems are the people who need that access right now, and review it whenever someone changes role or leaves. If you give access to everyone just because you think it might be useful at some point in the future, that’s a bit like giving your front door keys to somebody just because they might buy your house ten years down the line. Not a good idea.
And while we’re on the subject of not good ideas…
Disable root access
A user logged on as root can already make innocent but potentially nasty mistakes, like deleting important files and directories without even meaning to. Now imagine how much worse the damage could be if a malicious intruder compromised that account and gained root access to your system. It’s not a pleasant thought. Disable direct root login over SSH (PermitRootLogin no), give each administrator their own named account, and grant elevated rights through sudo, so that every privileged command is tied to a person and recorded in the logs.
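To make the SSH advice above concrete (key-only logins, no direct root login), here is an added example that is not from the original post: a small POSIX shell script that audits an sshd_config for those settings and rewrites it to the hardened values. It runs against a constructed sample file so it can be tried safely; the keyword names and OpenSSH defaults are real, while the file contents and helper names are the example’s own.

```shell
#!/bin/sh
# Added example (not from the original post). Audits and hardens the
# sshd_config settings discussed above: key-only logins and no direct root.
# Runs on a constructed sample file; on a real host point it at
# /etc/ssh/sshd_config as root and reload sshd afterwards.

# Effective value of a top-level sshd_config keyword. sshd honours the FIRST
# occurrence of a keyword, so we mirror that; commented lines are skipped.
# Falls back to $3 (the OpenSSH default) when the keyword is absent.
# Caveat: conditional "Match" blocks are not evaluated here; use `sshd -T`
# for the authoritative effective configuration on a live server.
sshd_setting() {
    cfg="$1"; key="$2"; dflt="$3"
    val=$(grep -i "^[[:space:]]*$key[[:space:]]" "$cfg" | head -n 1 | awk '{print tolower($2)}')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$dflt"; fi
}

# Report each setting as OK or WEAK. Returns 0 only if all are hardened.
# Rows: keyword, value we require, OpenSSH default if the keyword is unset.
audit_sshd() {
    cfg="$1"; rc=0
    for row in "PasswordAuthentication no yes" \
               "PermitRootLogin no prohibit-password" \
               "PubkeyAuthentication yes yes"; do
        set -- $row
        got=$(sshd_setting "$cfg" "$1" "$3")
        if [ "$got" = "$2" ]; then
            echo "OK   $1 = $got"
        else
            echo "WEAK $1 = $got (want $2)"; rc=1
        fi
    done
    return $rc
}

# Rewrite the file so the three directives carry their hardened values:
# any existing top-level directive is removed and the hardened one appended.
harden_sshd() {
    cfg="$1"
    for row in "PasswordAuthentication no" "PermitRootLogin no" "PubkeyAuthentication yes"; do
        set -- $row
        tmp=$(mktemp)
        grep -iv "^[[:space:]]*$1[[:space:]]" "$cfg" > "$tmp" || true
        printf '%s %s\n' "$1" "$2" >> "$tmp"
        mv "$tmp" "$cfg"
    done
}

# Demo on a constructed sample that mirrors a common out-of-the-box config:
# password logins left at the default (yes) and root allowed to log in.
SAMPLE=$(mktemp)
printf '%s\n' 'Port 22' \
    '#PasswordAuthentication no   # commented out, so still the default (yes)' \
    'PermitRootLogin yes' > "$SAMPLE"
echo "--- before ---"; audit_sshd "$SAMPLE" || true
harden_sshd "$SAMPLE"
echo "--- after ---"; audit_sshd "$SAMPLE"
```

Before switching password logins off on a real server, install your public key first (generate a pair with ssh-keygen -t ed25519 and keep the private key at mode 600), validate the file with sshd -t, reload sshd, and confirm a fresh key-based login works while your existing session is still open, so a mistake does not lock you out.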
Beware of phishing
Despite all the high-tech hacking methods out there, old-fashioned phishing is still one of the most effective ways criminals gain access to accounts. The antidote is simple: unless you’re completely sure who you’re dealing with, never hand over your credentials, and verify any unexpected request for a login, payment or file through a channel you already trust (such as a phone number you have on record) rather than one supplied in the message itself.
Use a firewall
Whenever possible, use a firewall to restrict unwanted access to your systems. A well-maintained firewall with a default-deny inbound policy creates a barrier between your internal network and an untrusted external network (i.e. the internet), protecting your computers from attackers, viruses and worms, and with outbound rules it also lets you control how your systems are used by your employees.
Separate your servers
Holding all your servers on the same flat network makes them extremely vulnerable: if one server is compromised, the intruder can reach all the others. If instead you segment the servers onto separate networks (physically, or with VLANs and subnets) and allow only the specific connections each one needs through a firewall, you’ll have a much better chance of stopping the intruder in their tracks. Also, give a thought to each server’s individual exposure: a web server’s fundamental job is to accept connections from the internet, whereas a database server often contains invaluable business and client data and should never be reachable from the internet directly. That’s another good reason to keep them apart, with only the web tier permitted to talk to the database port.
Finally, if your data is currently housed in the cloud it’s potentially more susceptible to theft and attack. For that reason (as well as many others) you should consider migrating your data onto your own private infrastructure and, for even greater flexibility, couple your private server with a hybrid or private cloud deployment. We can design and build a server that completely meets your unique business needs and integrates seamlessly with your existing systems, while our partners at MIGSOLV keep it ultra-protected in their world-class Gatehouse data centre. If you’d like to know more, or find out about any of the other data management solutions and innovations we have to offer, give us a call on 01603 327762 or email firstname.lastname@example.org.