There's simply no overestimating the importance of security practices to ANY business with an online presence, no matter how big or small. Cybercrime has become the new "boom industry" among the criminal element, and virtually anyone could become a target.
We don't like sounding alarmist, but the plain facts are that it's been rising rapidly in recent years, with no reason to think that trend is going to change any time soon.
So if it's been awhile since you've reviewed your security practices, it's definitely time to take another look at them. We've boiled it down to three basic questions you need to ask, along with some of the steps you can take to answer them.
1 - What exactly are you trying to protect?
Advanced security is focused and targeted, just like marketing. "Security" is merely a goal; the path to it is by describing and securing all the likely targets and potentially-vulnerable areas of your network.
So, you want to identify:
- Obvious targets, such as databases with consumer information, or servers holding mission-critical software.
- Network-based vectors of attack, especially devices on the "network edge" which are directly exposed to outside factors.
- Existing security services and their ranges of protection.
- End-user devices being utilized, especially in a BYOD environment.
- Major software systems exposed to the outside Internet.
- Any major discrepancies between policies as written, and policies as implemented. Corner-cutting can be disastrous in security.
This analysis will give you a wealth of information about the current state of your security. Knowing your internal defenses, the next step is to think about how they might be compromised or attacked.
2 - What are the likely threats and vectors
One of the best options here is to perform penetration testing, which is basically controlled hacking where you attempt intrusions on your own systems to see what is and is not visible to the outside internet. There are various software tools which can help with this, such as Cisco's Event Manager which is bundled with Cisco IOS.
It may, however, be better to hire a network specialist. They'll have access to significant tools and techniques to help spot major vulnerabilities from the outside. Vulnerabilities should be prioritized in terms of their overall risk, for structured security plans to be developed.
3 - How comfortable are you with your threat response?
The information you've gathered should add up to a clear picture of the current state of your security, as well as any major vulnerabilities that may exist.
Threat response is a combination of both software and human input. Automatic m onitoring systems are useful, but they can't replace a live administrator, and there's a limit to how much software can do on its own.
So, if possible, arrange some drills with your network and IT department heads to test their preparedness. Knowing how well your technical staff can respond to an actual threat will tell you a lot about how comfortable you should feel about your defenses at the moment.
Need More Security Advice?
Network security is a big topic, and there's no such thing as a "one size fits all" solution when it comes to protecting your vital electronic assets. For a free consultation on your needs, and a discussion of how to arrange proper testing of your systems, contact Hummingbird Networks today!