• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Information Security Transcends Titles

February 1, 2017 By The Editor

notebook pen business plan

Security supersedes job descriptions. That’s right, every employee can play a role in effective information security, regardless of their department or skill level. In large enterprises, a dedicated security team will most likely handle the security of the company’s network and data. But network administrators and IT staff also play important roles in preventing, detecting and mitigating security breaches. In fact, at a small business or a branch of a distributed enterprise, they may be the only ones concerned with security. With proper training, IT and networking staff at smaller organizations can detect and defend against malware as it attempts to spread through a network, gain privilege and exfiltrate data. 

Here are a few key things every IT department should be doing to improve their company’s overall security.

 Train Everyone

All employees should be trained to be on the lookout for suspicious emails, websites and downloads. Many pieces of malware spread by tricking users into clicking a link, downloading an appliance or opening an email attachment. We recommend holding quarterly training sessions to teach employees how to identify suspicious activities and what to do if they find themselves in a risky situation. This should be done by IT staff with support from management. 

 Patch Like Your Data Depends On It (It Does)

As new strains of malware are discovered in the wild, software and hardware companies will issue patches for their products and services to eliminate security vulnerabilities. IT staff should keep all software up to date with these patches. Microsoft issues security patches on the second Tuesday of every month here. You can download Apple security updates here and Adobe publishes theirs here. The IT department should also review installed applications on the company network and remove any that are no longer business-critical to eliminate possible holes in their defenses. Monthly patch reminder notices from the IT department are also a good way to remind individual employees to keep their devices and software up to date.

Segment Your Network

Systems or network administrators should segment business networks to isolate their critical systems. This way, if malware does gain access to the network, it won’t be able to access or affect those important systems. Whenever possible, companies should also implement APS and APT scanning solutions to identify malware. If an organization does not have dedicated network or systems administrators, this job may fall to IT staff or a managed service provider. 

Control Network Access

Network administrators should use Access Control Lists to restrict access to areas of the network to only those employees who need it. Again, this responsibility may fall to the IT staff in smaller organizations without dedicated administrators.   

For more on the latest patches and security news, check out WatchGuard CTO Corey Nachreiner’s Daily Security Byte videos.

Share This:

Related

Filed Under: Editorial Articles, Featured

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use