Security should be thought of in layers – we can longer rely on any single one action, software, or solution to protect us. The more, the better! There are many simple and easy security practices that can be implemented with little or minimal cost. Below are nine layers to tighten up your security strategy.
- Use a password manager. Humans tend to have terrible password habits – and as a result, one of the biggest security weaknesses is password management. Even if you adhere to password policy guidelines, it can be tough to come up with a solution that is truly complex enough and easy enough to for you to use and remember. If you use a vetted password manager, the ability to use long, complex and strong passwords becomes exponentially easier.
- Keep current backups. Be sure to have a copy stored in a different location than the primary backup. Many people forget that backups are “good security.” Good security states that “it is not if, but when, you have a security incident.” If that is where we start, we need a good backup solution, or better yet, a good disaster recovery plan so that when something goes wrong there’s a way to recover with minimal downtime.
- Implement MFA as often as possible. Multi-factor authentication (MFA) is a method of authenticating a user’s credentials and acts as an additional layer of security. MFA acts by requiring an additional piece of information (generally a temporary code) that can be delivered by text or an application on your computer or phone. MFA is not yet offered universally, but if you can add it to your current security strategy, it’s a great option.
- Set up users as local administrators. Verify that your users do not need to be logged into their computers as administrators. This is one easy step to dramatically reduce the chance of getting infected by a virus. Try setting up local administrator accounts on each users’ computer and let the user have only that password.
- Limit unnecessary traffic on the network. Like limited administrative rights, you should only allow necessary traffic to flow through your network. If you have a firewall, that means making sure only traffic that is needed can pass through the firewall. It is best practice to isolate guests on a network to prevent them from accessing your file server or other corporate network infrastructure. If you have users that are remotely accessing the network, make sure they are using a VPN or a similar tool with the same level of security.
- Update your devices. Make sure your laptop, firewall, software, antivirus, and network devices are up to date with latest firmware and patches. This is the only method to prevent exploitative behavior as a result of software flaws.
- Educate users. Humans are the weakest link in online security, and education is the best solution. At SWAT, that means we take the time to have our higher-level technicians teach lower-level technicians. We also spend time with our clients, providing education sessions to help prevent users from unknowingly making errors.
- Document your network. It is difficult to identify all the vulnerabilities of your network without knowing what exactly is in it. If there is an incident that needs to be investigated, documentation can cut down on the time it takes to resolve the issue.
- Encrypt high-value items. If you have laptops with sensitive data that frequently leave the network, encrypt the hard drive. If you send a message that contains sensitive data, encrypt the email. If you are surfing the internet, make sure the sites you visit are secure (they use HTTPS). You can take it a step further and use the browser plug-in HTTPS Everywhere.