Is Your Company’s Security Up to Date ?
As the paradigm of modern workflow shifts more and more to the electronic medium, data and network security are becoming critical concerns for the modern business. With more and more financial transactions and sensitive client and corporate data being moved across our networks and the web in general, this is an area that should always be in kept mind. Unfortunately, these concerns are often not addressed until they are exposed by an actual security breach and it is too late. With a little thought and knowledge this is something that can be avoided. In this article we will discuss the basic thought process and steps you need to take to find a solution that’s right for you. Architecting a security plan can be broadly divided into three parts.
1. Know your needs
The first step is to determine the level of security to which you need to aspire. To do this let’s start by asking some questions. Are you housing or generating sensitive business, financial, or personal client data? What is the value of this data to competitors or hackers? Are you storing social security numbers or credit card information? Conversely, you might be tracking and generating benign data for anonymous surveys and you might be willing to accept more lax security protocol because you have nothing to worry about if the information were to be compromised. These are all things you need to consider. In general the most vulnerable data you are housing will give you the high water mark for what your total security level needs to be.
In the medical field HIPPA violations can lead to potential serious liability issues if sensitive client medical history is exposed. The financial sector lends itself to risk simply because of the inherent value of the data to hackers or competitors. Imagine if someone got hold of a company’s quarterly earnings reports before they were announced publicly.
2. Assess and minimize the size of attack vectors
In network security an attack vector is a potential area where the outside world is given some form of access (no matter how limited it is intended to be) to the inside of our network. We want to keep the total area of attackable vectors to an absolute minimum. This involves taking a look from the outside in. Knowing how a hacker can gain access to your infrastructure is the key to preventing it from happening. This is a very broad topic and is beyond the scope of this article however I will give a brief example.
Often times our system administrators will setup all the workstations in an office as local administrators and I see more often than not that they use a network level password and security credentials. This is often done as a convenience for day to day maintenance; in addition, there are fewer passwords to remember. While at first glance this might not seem like a major concern looking from the inside, if we step away and try to look at this from the perspective of a hacker it becomes much more ominous. We have now increased the available vector of attack dramatically. If each workstation is given limited network access and it is hacked the area exposed would be that one machine. There may or may not be important information there, but even if the hacker gets the workstation they do not have the network. However because the workstation was configured with administrative credentials, when the hacker takes the workstation they are taking the network on a silver platter.
There are many other areas to consider here such as how to bullet proof our sensitive data servers and isolate high security data such as financial and confidential information. What it really boils down to is knowing, following, and staying current on best practices. If you do this and don’t cut corners, you can make it very difficult for even a skilled hacker to penetrate your defenses. Often this can lead to inconvenience but this goes back to the idea of knowing your required level of security and striking the necessary balance to keep assets protected. All it takes is one corner cut to topple the castle and in high stakes infrastructure this is often what happens. Think about something like the NASDAQ getting hacked, who would think that this could happen ? You would think that they would have the best, and the brightest, on it 24 –7. But this is a perfect example that if you leave an open vector and are housing valuable data someone will try to exploit it.
3. Get Hacked
The only way to really know how secure your system is, is to have someone who knows what they’re doing attempt to break in. This gives you peace of mind and it allows you to fix potential issues in a testing environment rather then a retrospective response to a expensive loss of sensitive data or down time. While it might seem counter intuitive or dangerous this can make all the difference. How do you really know how secure all the security you’ve implemented is unless you put it under the gun ?
If you’re concerned about security or want to put your security to the test contact us today to set up an evaluation.