Author: Kenneth Wygand
Director of Technology
Custom Computer Specialists
Target, eBay, Amazon, Home Depot, Blue Cross, Sony, JP Morgan. The list reads like a “Who’s Who” in global business and industry. But the members of this club have a much more unfortunate connection: they’ve been hacked. And if it can happen to these international bastions of business, it can happen to your organization as well. In fact, hackers are shifting their focus to small and medium-sized businesses, school districts, and municipalities, as larger companies improve their network security in the wake of such high-profile — and costly — breaches.
Regardless of what company you represent, it’s highly likely that today you depend on your network more than ever before. Organizations are increasingly using network resources for communications, inventory, billing and sales. Just as you lock, alarm and insure your brick and mortar buildings, you should similarly secure and insure your network against malicious behavior.
Here are five tips to keep in mind while developing your network security strategy
- The cost of network security is like your insurance policy premium. It’s the price you pay to have peace of mind to mitigate the risks associated with a breach.
- Focus on developing an overall security architecture instead of looking at point-product solutions. Point products often don’t seamlessly integrate with each other and could become a conglomerate of solutions to manage and support. The more complex a security solution is, the more likely you will have or develop holes in your solution.
- Your strategy should be focused around protecting your assets, not simply building a moat around your network. Today, there’s no such thing as “inside” and “outside” your network, as business needs have broken down these walls. Instead, determine precisely where your assets are and put your protections around them, regardless of where the threats emanate from.
- Eliminate (or severely limit) your “trust” zones. Malicious behavior can come from anywhere, including from employee devices (either intentionally or unintentionally). Ensure your access controls are based on the requirements of each user, and ensure that your security protects you from all potential threats throughout the organization.
- Consider the “human factor” when implementing security solutions. Forcing users to have a minimum of 32-character passwords might be extremely secure from a technical perspective, but this policy will likely result in a large number of people taping their password to their monitor or putting it under their keyboard. Find the right balance between security and convenience so security is embraced by the organization, not subverted.
Once you’ve come up with your recommended security policy, be sure to share it with key stakeholders of your organization (and ensure a sampling of your end users are included). Be sure to explain why each security measure is being recommended and indicate the protections (value) it will provide to your organization. Remember, hackers only need to find one hole to compromise your network, while you need to secure every point of access into your environment. Having your employees on your team practicing good security behaviors is paramount to protecting your environment.
No network will ever be 100% secure, but your goal should be to get your organization as close as possible while mitigating the impact of any risks that remain. Hackers want to be “successful” too, so if you show them they won’t have any success in compromising your environment, they’ll be inspired to move on to other targets and leave you safe and sound.