Security supersedes job descriptions. That’s right, every employee can play a role in effective information security, regardless of their department or skill level. In large enterprises, a dedicated security team will most likely handle the security of the company’s network and data. But network administrators and IT staff also play important roles in preventing, detecting and mitigating security breaches. In fact, at a small business or a branch of a distributed enterprise, they may be the only ones concerned with security. With proper training, IT and networking staff at smaller organizations can detect and defend against malware as it attempts to spread through a network, escalate privileges and exfiltrate data.
Here are a few key things every IT department should be doing to improve their company’s overall security.
Train Employees to Spot Suspicious Email
All employees should be trained to be on the lookout for suspicious emails, websites and downloads. Many pieces of malware spread by tricking users into clicking a link, downloading an application or opening an email attachment. We recommend holding quarterly training sessions to teach employees how to identify suspicious activities and what to do if they find themselves in a risky situation: report the message or download to IT rather than simply deleting it, so that IT can check whether anyone else received the same lure. This should be done by IT staff with support from management.
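The kind of triage IT staff can run on a reported message, as an added example that is not part of the original article: it parses a raw email and flags three of the tell-tale signs mentioned above (a Reply-To that sends replies to a different domain than the visible sender, an attachment with an executable or double extension, and a link whose visible text is a URL that differs from its real target). The message, domains and addresses are constructed for the example; the extension list is an assumption and should be tuned to what your organization actually blocks.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample lure (not a real message): mismatched Reply-To, a disguised
# executable attachment and a link whose text does not match its target.
SAMPLE_MESSAGE = """\
From: "Acme Payroll" <payroll@acme-corp.example>
Reply-To: payroll@acme-c0rp.example
To: staff@acme-corp.example
Subject: Updated payslip - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your payslip is ready. <a href="http://acme-c0rp.example/login">https://hr.acme-corp.example</a></p>
--b1
Content-Type: application/octet-stream; name="Payslip_March.pdf.exe"
Content-Disposition: attachment; filename="Payslip_March.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Assumed list of extensions that should never arrive by mail in this organization.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd",
                    ".ps1", ".jar", ".lnk", ".iso"}
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(addr_header):
    """Lower-cased domain of an address header such as From or Reply-To, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw):
    """Return a list of (check, detail) findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Reply-To on a different domain than From: replies go to the attacker.
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"{from_dom} -> {reply_dom}"))

    # 2. Attachments that are executable or hide behind a double extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        suffixes = name.split(".")[1:]
        if suffixes and "." + suffixes[-1] in RISKY_EXTENSIONS:
            findings.append(("executable-attachment", name))
        elif len(suffixes) > 1:
            findings.append(("double-extension", name))

    # 3. Link text that looks like a URL but whose href points somewhere else.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        for href, text in ANCHOR_RE.findall(body.get_content()):
            text = re.sub(r"<[^>]+>", "", text).strip()
            if text.startswith(("http://", "https://")) and not href.startswith(text.rstrip("/")):
                findings.append(("link-text-mismatch", f"{text} -> {href}"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_MESSAGE):
        print(f"{check}: {detail}")
```

None of these checks proves a message is malicious on its own; together they give a reported message a quick first pass, and the same heuristics are a good outline for what the quarterly training should teach people to notice by eye.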
Patch Like Your Data Depends On It (It Does)
As new vulnerabilities are discovered, often because malware is already exploiting them in the wild, software, firmware and hardware vendors issue patches for their products and services to close them. IT staff should keep all software up to date with these patches, prioritizing internet-facing systems and anything the vendor reports as actively exploited. Microsoft issues security patches on the second Tuesday of every month (Patch Tuesday); Apple and Adobe publish security updates on their own schedules through their respective security bulletin pages. The IT department should also review installed applications on the company network and remove any that are no longer business-critical: software nobody uses still has to be patched, and if it isn’t, it is a hole in the defenses. Monthly patch reminder notices from the IT department are also a good way to remind individual employees to keep their devices and software up to date.
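A simple patch-compliance check built around the monthly cycle described above, added here as an example rather than taken from the article: it computes the second Tuesday of a month, finds the most recent Patch Tuesday whose rollout grace period has expired, and lists hosts whose last update install predates it. The inventory is constructed for the example; in practice the dates would come from an export of each host’s update history, and the one-week grace period is an assumption to adjust to your own rollout policy.

```python
import calendar
from datetime import date, timedelta

# Constructed inventory for illustration: hostname -> date the last update was installed.
INVENTORY = {
    "ws-finance-01": date(2024, 3, 13),
    "ws-reception-02": date(2024, 2, 9),
    "srv-file-01": date(2024, 3, 1),
}


def patch_tuesday(year, month):
    """Second Tuesday of the month: Microsoft's regular security release day."""
    first_weekday, _ = calendar.monthrange(year, month)  # Monday == 0, Tuesday == 1
    days_to_first_tuesday = (1 - first_weekday) % 7
    return date(year, month, 1 + days_to_first_tuesday + 7)


def latest_patch_tuesday(on):
    """Most recent Patch Tuesday on or before the given date."""
    candidate = patch_tuesday(on.year, on.month)
    if candidate > on:
        last_of_prev = on.replace(day=1) - timedelta(days=1)
        candidate = patch_tuesday(last_of_prev.year, last_of_prev.month)
    return candidate


def stale_hosts(inventory, today, grace_days=7):
    """Hosts that have not installed anything since the last Patch Tuesday whose
    rollout grace period (assumed one week) has already expired."""
    cycle = latest_patch_tuesday(today - timedelta(days=grace_days))
    return sorted(host for host, last in inventory.items() if last < cycle)


if __name__ == "__main__":
    today = date(2024, 3, 20)
    print("cycle:", latest_patch_tuesday(today - timedelta(days=7)))
    print("stale:", stale_hosts(INVENTORY, today))
```

The grace period matters: checking on the Wednesday after Patch Tuesday would flag every host that has not yet rebooted, so the check judges against the previous cycle until the current one has had time to roll out.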
Segment Your Network
Systems or network administrators should segment business networks to isolate their critical systems. This way, if malware does gain access to the network, it won’t be able to access or affect those important systems. Segmentation only isolates anything if traffic between segments is filtered with a default-deny policy; a VLAN whose router forwards everything is a naming scheme, not a boundary. Whenever possible, companies should also deploy intrusion detection and prevention (IDS/IPS) and advanced persistent threat (APT) detection solutions to identify malware moving between segments. If an organization does not have dedicated network or systems administrators, this job may fall to IT staff or a managed service provider.
Control Network Access
Network administrators should use Access Control Lists (ACLs) to restrict access to areas of the network to only those employees and systems that need it. ACLs are evaluated top to bottom and the first matching entry wins, so order matters, and anything not explicitly permitted should fall through to a deny. Review them whenever a system is added or retired, since stale permit entries are how segmentation quietly erodes. Again, this responsibility may fall to the IT staff in smaller organizations without dedicated administrators.
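The segmentation and ACL rules from the two sections above, modelled as a first-match access list that can be evaluated and audited offline. This is an added example, not configuration from the article or from any particular vendor: the three segments, their address ranges and the permitted flows are assumptions for illustration. Besides evaluating a flow, it finds shadowed entries (rules an earlier, broader rule prevents from ever matching), which is the most common way an ACL ends up permitting more or less than its author intended.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                     # "tcp", "udp" or "any"
    dports: frozenset              # destination ports; empty means any port


def rule(action, src, dst, proto="any", ports=()):
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto, frozenset(ports))


# Constructed three-segment layout (addresses are assumptions for illustration):
#   10.10.0.0/16 workstations, 10.20.0.0/24 servers, 10.99.0.0/24 management.
# Ordered, first-match list. Only listed flows reach the server segment; the last
# line makes the implicit deny explicit so denied flows can be logged.
ACL = [
    rule("permit", "10.10.0.0/16", "10.20.0.0/24",  "tcp", (443,)),      # users -> intranet web
    rule("permit", "10.10.0.0/16", "10.20.0.10/32", "tcp", (445,)),      # users -> file server only
    rule("permit", "10.99.0.0/24", "10.20.0.0/24",  "tcp", (22, 3389)),  # admins -> server admin ports
    rule("deny",   "10.10.0.0/16", "10.99.0.0/24"),                      # users never reach management
    rule("deny",   "0.0.0.0/0",    "0.0.0.0/0"),                         # explicit catch-all
]


def evaluate(acl, src_ip, dst_ip, proto, dport):
    """First-match evaluation: returns (action, index of the matching rule).
    With no catch-all, an unmatched flow falls through to an implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(acl):
        if (src in r.src and dst in r.dst
                and r.proto in ("any", proto)
                and (not r.dports or dport in r.dports)):
            return r.action, i
    return "deny", None


def shadowed_rules(acl):
    """Indices of rules that can never match because an earlier rule covers every
    packet they would match. A shadowed permit is dead; a shadowed deny means an
    earlier permit is wider than intended."""
    shadowed = []
    for j, later in enumerate(acl):
        for earlier in acl[:j]:
            if (later.src.subnet_of(earlier.src) and later.dst.subnet_of(earlier.dst)
                    and earlier.proto in ("any", later.proto)
                    and (not earlier.dports
                         or (later.dports and later.dports <= earlier.dports))):
                shadowed.append(j)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(ACL, "10.10.4.7", "10.20.0.10", "tcp", 445))   # file server: permit
    print(evaluate(ACL, "10.10.4.7", "10.20.0.11", "tcp", 445))   # other server: deny
    print(evaluate(ACL, "10.10.4.7", "10.99.0.1", "tcp", 22))     # management: deny
    print(shadowed_rules([ACL[-1]] + ACL[:-1]))                    # catch-all first: all dead
```

Two things worth noticing when running it: a flow from the server segment back to workstations matches nothing in this list, which is exactly the implicit deny the text describes, and moving the catch-all deny to the top silently kills every permit below it, which is why the audit step belongs in every ACL change.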