From cryptoware to worms, malicious applications and viruses, cyber attacks are oh so prominent in today’s digital age. How do we protect ourselves, our data and our network?
This is a tough question to answer considering the vast quantity of tools out there that seem to make this easier for the bad guys. From NSA-leaked tools to flaws down to the very brain of a computer system – the CPU – cyber security is as important now as networking in general. Network hardening is only as effective as the users within the network and the measures taken to prepare for a disaster – hope for the best yet expect the worst.
Nothing is a bigger bummer than logging into a computer to work on daily tasks to be prompted with an encryption alert and the need to pay money to release your data. What can you do about this? Well, in a single word – backups.
If you currently do not have backups stored offline or in multiple network-accessible locations, each behind their own security measures, you should do so immediately. Backing up critical data should always be a top priority.
What about remote employees needing to get into the business’s network to perform their tasks? How do you protect your network while allowing these users access into the network?
VPNs are a great way to avoid too much public exposure of well-known ports that are potentially exploitable. The level of encryption makes it that much more difficult for anyone trying to listen in on the communication to make sense of the “sniffed” packets. Unencrypted network traffic on the other hand, can be easily listened in on by anyone with the right tools. What risks are you willing to take on your business procedures?
All of the above help add those layers, but what else is missing?
The missing key is employee training. Embedded links in phishy emails can lead to internal outbreaks that could rapidly manifest itself. Network security is not a measure to be taken lightly. There are numerous tools to potentially (and hopefully) block these threats at the door but for the events that seep through (and there are), employee training is critical.
Just like with any information system, there are unknown vulnerabilities and exploits. Many are found day in and day out, unfortunately at the expense of those who would rather it not have happened. Others are found by ethical researchers who are out there looking out for users.
Be sure to say up to date with software for used hardware and products. As vulnerabilities and exploits are found, security patches are released and updating your software is the next. You should routinely review software release notes to determine the benefit, if any, to update to that release. On the other hand, you should take immediate action on security or critical updates to patch any potential security hole.
A good question to ask is: what is YOUR data worth? Are you willing to find out? Or would you rather be prepared, and should something happen, can you recover in an appropriate matter? – Emil Hozan