Editor’s Note: The following guest article by John Dayton explains in detail how to protect your business from the very real dangers of the Internet. The events of the past several years have left no doubt as to the necessity of having a clean and secure network. If you’ve got doubts, talk to someone at Sony, Chase, Lockheed, or one of the many other victims of hack attacks.
Protect your business from online threats
Nobody is immune to network attacks and hacks. Hackers and data thieves will go after both multinational corporations and small to medium-sized businesses with equal gusto. A well-secured network that costs a certain amount of effort and money to put together can save your business thousands or even millions of dollars down the road in avoided data theft, lawsuits and massive interference with business systems.
To avoid being an easy victim, follow these tips to harden your systems and make an attacker move on to easier prey. If you’ve already been a victim of an attack, let’s also examine some damage control procedures you can take to minimize your losses.
Preventing Hack Attacks and Securing Your Network
The first line of defense your computers and network have against attackers is their physical security perimeter. If your machines and any sensitive documentation are easy to physically access, you leave open an easy and dangerous avenue for breaches. Keep all your doors and windows locked when no one is at the office, buy a quality alarm system and make sure it’s activated nightly with an access code that only your most trusted employees know. Don’t leave computers holding sensitive information unsupervised or in the hands of employees you can’t trust well, and if you print out any important information (particularly confidential client data), either guard it well in a secure place or thoroughly destroy it as soon as you’re done using it.
Another useful tip, which the particularly cautious could classify as physical security, is to separate your computers into red and green categories. This is a step certain government security agencies apply to their systems. It consists of having green computers, with no access to any network, serve as storage points for very sensitive information, and red computers, which are connected to a network, a cloud system or the external web, used for day-to-day activities and never for storage of sensitive data.
Data Backup Strategy
Every company inevitably builds up many gigabytes or even terabytes of extremely important data that needs to be kept for reference or work purposes. The loss of all this information can be a complete catastrophe for some companies, so it absolutely needs to be protected by a backup strategy. Instead of simply storing everything on your office and network computers, consider backing your data up to a second set of servers that you own at a different location or (even better and more convenient) sign up for a trusted and highly secured cloud storage service that offers multi-terabyte data space. Train your employees to regularly back up all information and anything they create to the cloud. This will save you from losing everything if your office burns to the ground or falls victim to computer theft.
Antivirus and Network Intrusion Systems
Protect your network with a robust antivirus implementation that covers every computer, all of its online activity and exchanges between machines in the network. You should go for a strong, commercial system such as those offered by companies like Kaspersky Labs, AVG and Bitdefender. Furthermore, ensure that you stay on top of regular security updates from your antivirus software provider.
As an additional step, you should strongly consider hiring an IT security person for full time network administration. Have them install and regularly monitor a network intrusion detection system that watches over your entire network. Such systems are complex and require full time dedication, but they do monitor security aspects like bandwidth and activity supervision, virus checks, changes in file settings and permissions, packet sniffing and regular checks of every single network PC for unusual activity or contamination. Have your network intrusion system coupled with your antivirus protection in order to simplify security.
A powerful firewall around the machines on your network will dramatically reduce the likelihood of attacks, especially if it’s coupled with the above-mentioned antivirus and network intrusion systems to create a certain degree of security redundancy. A quality firewall will prevent unauthorized access to your computers from external sources, protect your computers by preventing employees inside the network from accessing external sites that could be harmful, and prevent unsolicited applications from effecting changes inside your computers or the network. Network intrusion protection systems usually include firewall protection as a built-in measure.
Ensure that all your software is up to date and secure. Set all of your computer software systems to automatically update themselves whenever new patches are released and instruct your employees not to interfere with this process. The constant software updates that most systems go through periodically aren’t there just to annoy users; they’re designed to cover constantly emerging Internet threats.
Passwords, Removable Devices and Encryption
Create a password policy for all your machines that requires each of them to be secured by long passkeys made up of many different kinds of characters. These are much harder to crack with password-cracking software and can save you from some very heavy intrusions. Ensure that your employees memorize these passwords and don’t simply write them down somewhere where anyone could end up running across them. Also, for any removable devices like USB drives, laptops and tablets that employees will be taking home or on business trips, make sure they are protected by password-activated encryption and that they only contain the data essential for a given workload. This should particularly apply to overseas business trips.
Ensuring Client Confidence
If your company has implemented all of the above network and computer security steps, it should already feel quite confident that it is much less likely to be attacked by hackers and data thieves. Furthermore, your company should advertise an overview of how it manages security in order to make clients feel secure in entrusting their business, money and confidential data to your systems. However, advertising your security should not involve giving too many details away, since knowing that a company is secure but not knowing just how extensive the security is can also work as an attack deterrent; maintain a certain degree of confidentiality.
In the event of a security attack, quickly establish a timeline that defines where and when the attacks occurred in order to better track the intrusion’s progress and what may have been infected or breached. This will let you know how client information might have been affected.
Managing Security Breaches
There are numerous types of hacker attacks which can occur against a network, but to keep things simple the main types are structured external attacks (attacks of a planned nature, usually conducted by criminals), unstructured external attacks (conducted by thrill seeking hackers) and internal threats.
Finding out which type of attack is going on is usually a question of detailed traffic and program routine analysis: finding out where the attack originated by tracing its movement. In many cases, if an in-progress intrusion is detected, the best practice is to observe it at first and in doing so trace its source in order to allow a better response. Once the hackers’ activities have been traced, the next step should be to immediately cut off the access route they used and keep an eye on possible alternatives they could try later, while at the same time removing any malware the hacker has installed and repairing any damage done.
Beyond measures like this, other important methods of dealing with security breaches include applying access control lists on firewalls, routers and network intrusion systems; disconnecting the host that’s being attacked from the rest of the network; disconnecting the whole network from external contact or disconnecting a certain company website from the internet.
Once the attack has been stopped, the process of repair and re-securing should begin, with all the proper changes done to make sure the hackers can’t access you by the same or related means again.
Another important part of dealing with active security breaches is to document and record everything that was observed, all systems that were affected, how the breach happened and how the threat was dealt with. Any infected data or systems should be reviewed thoroughly and system logs checked for more evidence.
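The breach-handling steps above (trace the source, build a timeline of where and when, list the affected systems, cut off the access route, record it all) can be started from system logs alone. The following Python script is an added example, not part of the article: it assumes a simplified one-line-per-event log format and uses constructed entries with documentation-range IP addresses; the block rule it emits is an illustrative Cisco-style ACL line, not a command for any specific firewall.

```python
from datetime import datetime
from collections import Counter

# Constructed sample log lines gathered from several hosts (not real data).
# Assumed format: ISO-8601 UTC timestamp, reporting host, source IP, event text.
SAMPLE_LOGS = """\
2015-06-01T09:14:02Z web01 203.0.113.45 ssh failed password for admin
2015-06-01T09:14:05Z web01 203.0.113.45 ssh failed password for admin
2015-06-01T09:13:58Z fw01 203.0.113.45 port scan detected on 22,80,443
2015-06-01T09:16:40Z web01 203.0.113.45 ssh accepted password for admin
2015-06-01T09:20:11Z db02 192.168.10.5 new outbound connection to 203.0.113.45:4444
2015-06-01T08:55:00Z web01 198.51.100.8 http GET /index.html
"""
SUSPICIOUS_WORDS = ("failed", "scan")  # markers we treat as hostile activity

def parse_logs(raw):
    events = []
    for line in raw.strip().splitlines():
        ts, host, src, text = line.split(" ", 3)
        events.append({"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "host": host, "src": src, "event": text})
    return events

def suspected_source(events):
    """Trace the source: the IP that generated the most suspicious events."""
    counts = Counter(e["src"] for e in events
                     if any(w in e["event"] for w in SUSPICIOUS_WORDS))
    return counts.most_common(1)[0][0] if counts else None

def incident_summary(raw, attacker_ip=None):
    """Build the time-ordered timeline and the list of hosts the intrusion touched."""
    events = parse_logs(raw)
    attacker_ip = attacker_ip or suspected_source(events)
    # An event belongs to the incident if the attacker IP is its source or appears
    # in its text (e.g. a compromised host calling back out to the attacker).
    related = sorted((e for e in events
                      if e["src"] == attacker_ip or attacker_ip in e["event"]),
                     key=lambda e: e["time"])
    return {
        "attacker_ip": attacker_ip,
        "first_seen": related[0]["time"].isoformat(),
        "last_seen": related[-1]["time"].isoformat(),
        "affected_hosts": sorted({e["host"] for e in related}),
        "timeline": [f'{e["time"].isoformat()} {e["host"]}: {e["event"]}' for e in related],
        "block_rule": f"deny ip host {attacker_ip} any",  # illustrative ACL syntax
    }

if __name__ == "__main__":
    summary = incident_summary(SAMPLE_LOGS)
    print("\n".join(summary["timeline"]))
    print("Affected hosts:", ", ".join(summary["affected_hosts"]))
    print("Cut off access route with:", summary["block_rule"])
```

Note how the outbound connection from db02 is pulled into the timeline even though its source field is an internal address; that is the kind of evidence a log review finds that the initial alert alone would miss.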
About the author: When John Dayton isn’t offering the best in technological advice, he is busy covering the best that forensic engineering has to offer.