Call Today to Receive a Free I.T. First Aid Kit: (425) 605-0594
May 31, 2017

Comprehensive Security Plan

Back

Security Plan

The Internet is a global system full of unethical hackers who operate under very loose moral codes, spend most of their time outsmarting their victims, and blackmailing businesses especially those who have invested very little into a comprehensive security plan. Unfortunately, for us, these hackers have no regard for anyone else or our feelings and spend countless hours trying to steal our hard-earned money or damage the technology we rely on to operate our business.

This all sounds very scary and expensive and may never impact us, but let’s not rely on luck to be the security plan. Our goal today is to start a conversation about improving technology security and how we can start offering insight into what businesses should be considering when defining a comprehensive security plan. We are going to provide some tips on what can be done to help prevent an unpleasant technology breach.

We also want readers to reach out to us if they want help investing in any of these solutions to strengthen their technology security. Digux is able to put together a customized plan with several or all of our recommendations we listed below that will bolt onto your existing I.T. services. In addition to the security technology that is purchased, the plan includes all of the standard operating procedures, proper management, and communication to help your business utilize the full capabilities of the technology by enforcing ongoing interaction and maintenance.

Free Technology Security Solutions:

  • Security PlanEducate everyone in your business about phishing scams. Phishing scams are fraudulent e-mail messages appearing to come from legitimate businesses such as your bank, I.T. Company, college, etc. and they trick the end user into logging into a replica of the site extracting the username and password from you enabling the thief to take over your account. There is a ton of information about phishing scams online that can be used to educate everyone. Consider creating a rhythm and policy in your business to periodically send reminders about this or request the I.T. Company you work with assists in the plan. Here is one of many web-sites that can be found online that has more information about Phishing: https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx
  • Establish a best practice to apply strong passwords for users, administrators, systems, and accounts for your technology. Also, make sure you’re changing these passwords often. In other words, business standards for passwords are a minimum of 8 characters, they contain capital letters, small letters, numbers, and symbols. The standard policy to change passwords is every 90 days. However, it is not uncommon for businesses to design a different policy that meets their own needs. At minimum, create a system and work to improve this specification over time. Here is a detailed article from Symantec that provides advice on password best practices: https://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices
  • Secure your mobile phones by enforcing policies especially as the majority of businesses utilize a ‘bring your own device’ (BYOD) culture. Some systems we use to implement security include auto-lock after 15 minutes when the phone is inactive, requires encryption on the device (iPhones are automatically encrypted), password protection with a 6-digit minimum pin, and the ability to remotely wipe the device if it’s lost or stolen. If your business has an Exchange server, this can be automated with ActiveSync policies, or if you are investing in a mobile device management (MDM) platform, this will give you more granularity into managing all the devices in your environment. We recommend implementing Microsoft’s Intune MDM to help simplify management of devices and apps. Read more about Intune here: https://www.microsoft.com/en-us/cloud-platform/microsoft-intune
  • Do not log into online accounts while connected to public WiFi or wired networks. For example, while at Starbucks, do not log into your bank account via your mobile phone or laptop. These networks are prime targets for hackers and ‘man in the middle’ schemes. Additionally, to be even more secure turn off Bluetooth and WiFi if you have sensitive data on your device. Our advice is to only perform logins to your financial sites from a secured network with https. For best in class security, enable two-factor authentication methods for these web-sites. Most banks will provide two-factor authentication technology especially when transferring funds from one account to another. For example, the transfer of funds will require an additional code that will be texted to the end users mobile device or require a phone call to enter a code. These standards are highly recommended by Digux.  Here is a supporting article related to this topic: http://lifehacker.com/5576927/how-to-stay-safe-on-public-wi-fi-networks
  • We recommend enabling BitLocker on Windows systems to encrypt computer hard-drives. BitLocker is useful if the device is lost or stolen disabling anyone from extracting data directly from the hard-drive. Setting up BitLocker is somewhat easy to do however managing the keys for each system can be a chore. In addition to the setup, we have experienced situations when BitLocker introduces unexpected problems. In other words, when a system is upgraded to a new version of Windows and the key is not re-created problems occur or if the system needs to be restored from backup. We also have seen issues with UEFI & BitLocker so establishing standard operating procedures on how to deal with these problems is important. Before enabling this feature make sure the system has a full backup. Also, please utilize your I.T. provider to assess the full scope of the environment and any caveats that may exist before enabling this feature. Read more about BitLocker here: https://technet.microsoft.com/en-us/library/cc766295(v=ws.10).aspx
  • We recommend locking down the network and removing all end users from being a local administrator. This change will create new restrictions on end users such as preventing them from installing new applications or applying some updates, but this is an important policy to help stop most variants of viruses, malware, and ransomware. Administrator accounts can gain full control over the environment and can create serious damage resulting in a costly repair. In addition to removing all local admins, it is necessary to develop a system that creates a report identifying all local administrators at least every month. Technology settings become unaligned, and this process can minimize risk. As always, consult with your I.T. provider for more insight about applying this policy before diving in on your own. Read more on this topic here: https://www.beyondtrust.com/blog/removing-users-from-the-local-administrators-group/

Computer & Server Technology Security Solutions:

  • Security PlanHarden computers and servers by keeping all of the software fully patched. For example, Windows Updates for the operating system or Office programs, Adobe Updates, Java Updates, Exchange, SharePoint, SQL, etc. Most I.T. companies include patching with their services plan. Even though this is the most basic approach to a comprehensive security plan, this is not as easy as it may seem from the outset. Updates often change the systems and can introduce new problems such as printers not working and even can prevent a system from booting up.  Establishing standard operating procedures for each application and subscribing to software vendor blogs and testing patches with non-production systems is an ideal practice before rolling them out. Evaluating the results of patch policies is time-consuming and requires dedicated resources so never overlook this important task provided by I.T. resources.
  • Install and manage antivirus and antimalware software on all computers and servers. We recommend having two solutions as one is not entirely capable of detecting all the different variations of critters that can infect a computer system. The antivirus and antimalware software is not a ‘setup and forget’ solution either. The software vendors who sell these applications provide updates, and there are other moving parts such as file definitions and scans that need to be configured and managed in addition to reviewed often. Configuring alerting is also key to a solid best practice so when a machine becomes infected I.T. support receives a notification and can take action.
  • We recommend investing in a log and event management solution for businesses that require strict security policies or a business that wants visibility into what is happening on their network, computers, servers, etc. These solutions will correlate the logs into readable information and will trigger events to notify I.T. personal when advanced hacking attempts or situations occur on the network. If you are researching a solution, we have implemented the following log and event management solutions for our customers and recommend either Alien Vault, SolarWinds Log & Event Manager, or Splunk.
  • Establish a best practice and standard operating procedure to backup & restore computers and servers. If a machine experiences the following: becomes unstable, gets infected by a virus, hardware fails, a file needs to be restored, or something malicious happens such as disgruntled employee steals data or paves a machine for example — a backup/restore process can help navigate through these troubled waters per say. We have developed a comprehensive backup & restore standard operating procedure and highly recommend this to our customers. This SOP has seven core best practices with many other associated processes that enable us to recover from the majority of the situations we encounter.
  • A feature commonly used on servers in a business environment is Group Policy and can help companies define policies to control system behaviors. These Group Policies can include password policies, security features, firewalls, application management which can prevent crypto locker and other safety issues on a network. Group Policy is a complex and under-utilized tool that should be a part of a business’s comprehensive security plan.
  • An anti-spam email filtering solution is a highly important tool to protect computer systems from security problems that are transported over the Internet via email. We receive high volumes of emails every day and especially so for recruitment or HR firms who are sifting through messages from ‘unknown’ people. These email viruses can invite problems onto the system or network easily and cause harm to the entire environment. In addition to a reliable Anti-Spam email filtering solution, we recommend isolating a machine that is utilized to review ‘unknown’ emails from the existing corporate environment. We suggest segmenting a computer from the internal network, so if a machine gets infected, it does not synchronize the problem across the other computers and create a system-wide event.
  • If your business utilizes the Active Directory (AD) role on a Domain Controller server, then AD management and reporting are highly recommended. Removing old inactive users, computers, or any other objects in this environment are best practice and improve security. One solution that is useful for this process that can help I.T. administrators is ManageEngine’s AD Manager Plus. Read more about this tool here: https://www.manageengine.com/products/ad-manager/

Network Technology Security Solutions:

  • Security PlanWe recommend that every business invests in or beef up firewall security to include more than just basic network address translation or inbound port mapping. An active firewall should include the following features at a minimum to protect against attacks on the network:

-Intrusion Prevention Services (IPS)
-Data Loss Prevention (DLP)
-AntiSpam
-URL/Content Filtering
-Network Discovery
-Gateway Antivirus

  • Gain visibility into your entire network infrastructure and underlying systems by using a vulnerability scanning solution such as the Nessus Cloud. This technology enables a business to perform assessments to identify vulnerabilities, policy-violating configurations, and malware that attackers could use to penetrate your network. We love the Nessus Cloud and it uncovers unique threats no other systems can find. A company must invest in this tool if you value a secure network environment.
  • We recommend investing in a dedicated web content filtering solution with either a Barracuda appliance or OpenDNS technology known as Cisco Umbrella’s cloud solution. These techniques can stop ransomware and cryptolocker variations in their tracks.
  • We recommend investing in an intrusion detection system (IDS) that monitors traffic at many different points and provides visibility into the network known as “Protocol Analyzer.” IDS gives a business much deeper visibility into the network and can notify I.T. personal when a threat emerges on the network.
  • Harden all existing network equipment by keeping the software and firmware fully patched. For example, firewalls, Wi-Fi routers, network switches, storage devices, etc.
  • Secure WiFi networks on the internal corporate network by enforcing RADIUS authentication for 802.1x wireless compatibility. This requires end users to have an account on the domain and enforces current credentials to authenticate and be authorized to gain access to the network. This adds a layer of security to the network and prevents someone from hacking the key on the WiFi device itself, therefore, gaining full uninterrupted access to the corporate network.
  • A detection and response mechanism on the network is crucial in assisting I.T. support to understand changes and potential security risks that may occur. For example, I.T. support should be notified for the following reasons: if a user has been locked out of the system, if a new unknown device is connected to the network, if antivirus or anti-malware finds a virus, if a software firewall is disabled, or suspicious outbound traffic is detected.
  • Harden home office networks especially if connections from home are a part of the corporate network. Here is a comprehensive guide that is an excellent start to help with improving security for your home office. https://cta.tech/Membership/Member-Groups/TechHome-Division/Device-Security-Checklist.aspx

Cloud Technology Security Solutions:

  • Security PlanCloud security is an incredibly complex topic and is not a one-size-fits-all conversation and honestly, should require specific advice for each cloud technology. In other words, the security plan should be specific to providers and services being utilized such as Microsoft Azure, Amazon Web Services, Google, etc. Nonetheless, we have several key recommendations we would like businesses to consider when using cloud services:

-Train employees on cloud security best practices
-Connect to the cloud only using high-grade encryption protocols
-Backup data locally
-Avoid storing highly sensitive data
-Validate data is encrypted
-Enable two-factor authentication
-Configure activity tracking to log access history
-Use HIPPA compliance as a guide even if you aren’t in the healthcare industry
-Define responsibilities and roles with your cloud provider
-Have an exit plan in place in case the existing cloud provider does not work out

Physical Technology Security Solutions:

  • Security PlanTrain employees to validate I.T. personnel’s identification before giving them physical access to the computers, servers, or network equipment.
  • Lock up the server room or enclosure storing equipment. This prevents thieves from stealing the equipment or any unexpected destruction of the equipment.
  • Invest in video surveillance or an alarm system to protect your business assets.
  • Invest in the following three insurance policies: cyber liability, business interruption, and business interruption off premise utility services. Insurance policies can be crucial in saving a business in the event disaster strikes.
  • Provide your I.T. provider a spare key to your server room or enclosure. This can be very useful if the primary key is lost or stolen.

Summary:
While we were writing this month’s comprehensive security plan article, the WCry ransomware outbreak occurred and raised many eyebrows and gained global attention. Digux is happy to announce none of our customers were impacted, and this is due to our team’s commitment to technology security. We believe technology security is becoming imperative to businesses and it starts with the education process. To request more information about technology security, please feel free to email info@digux.com.


Leave a Reply

Your email address will not be published. Required fields are marked *