How Can I Improve Network Security (The Basics)

It is no secret that in today’s business marketplace there are malicious and intelligent threats all over the internet.  Some of them are very benign while others have the capacity to completely put someone out of business.

In recent posts, we have explored concepts like disaster recovery and business continuity.  Within that model exists network security practices and protocols.  However, the complexity and detail of network security processes are wholly dependent on the organizations that implement them.

What that basically means is that there is no such thing as a 100% guaranteed one-size-fits-all solution.

The good news is that while such diversity in methodology exists, there are still a handful of best practices that can be applied and implemented across all solutions.  We are going to briefly discuss 5 methods that are easy to implement and can make a big difference in maintaining the integrity of your privacy and professional network.

Keep Software Updated Regularly

This may seem fairly obvious but it is a very easy process to forget about.  Countless businesses and private users fail to update software regularly and do not realize that this enhances their risk for a network attack.  The best way to address this is simply to pay attention to notifications and then set updates to occur automatically.

Many of these software updates include security updates so delaying these regular software enhancements can give a hacker or online threat the opening it needs to access your network or private data.

Use Varied & Complex Passwords With Management Tool

Another one of the more obvious but perpetually ignored facets of good online security is using complex passwords that change often.  Most people, including the author of this blog, get comfortable using the same handful of passwords.  It is easier to manage and you don’t have to worry about forgetting.  It makes sense!

Problem is that the more a password is used, the more likely it is to be compromised.  The dark web offers countless tools to decipher passwords that are used with regularity and then paired to the parent email or account of the host user.  That means if one of your passwords is compromised, you can have security breaches on any entities that use those same login credentials.

So the next question becomes “how can one manage so many different passwords?”

There are numerous different online apps and platforms that are designed to remember passwords and auto enter them for you as needed.  These allow you to use highly complex passwords and change them regularly without ever having to actually learn or memorize them.

Use Multi-Factor Authentication

Multi-factor authentication is becoming more and more popular with education, finance, and banking services.  This is the process of verifying a login by sending the stored contact information (usually a text or email) a code to verify that the actual account owner is the one accessing the account.

Many personal and business account allows for this level of security as an option but it is not always utilized since people tend to get annoyed with spending another minute or two to safely login.  However, that extra minute could not be better spent if it means maintaining the security and integrity of a network with confidential and private information.

Understand Phishing Scams

Phishing scams are one of the most popular and common threats to security.  While they are the easiest to avoid, they are also among the most successful strategies to breaking into networks.  The success of this strategy relies on the ignorance of the masses at large.  People are still not careful about opening suspicious emails or clicking links that look like they are real.

Phishing scams are usually emails, texts, or instant messages that have links in them.  The emails can look official and legitimate which is why people continue to take the bait.  The best way to avoid falling for these scams is simply to avoid clicking on any link that doesn’t come from a trusted source.  These links usually look like they are coming from a service provider or institution that you have an account with, banks being among the most common.  However, if you look closely, you can usually find something suspicious.  (For example, the return email may be www.bank.co instead of www.bank.com)

No banks will contact you via email only with account sensitive issues so if you receive correspondence that looks like it could be real, the best solution is to contact the institution directly so you control how the information is passed and who receives it.

In conclusion, don’t click on links that look suspicious in the least.  If ever you have a doubt, you should contact the institution in question directly.

Backup Your Data

Last but not least, everyone should have some kind of backup for their important data.  Whether that is using the cloud, physical storage, or hiring an outside service provider, backing up your data is imperative.

We have discussed the concepts surrounding data backup and the strategies that come into play in previous posts so I won’t go into excess detail here but using a data backup or disaster recovery strategy is one of the most reliable methods to securing the information on your network.

Like other strategies, this process is going to be largely dependent on the type of information you are securing, the complexity of your network, and the associated value.  However, there are numerous strategies and services available to allow you to have backup your personal or business data so it is very easy to find a platform or solution that fits your needs without over investing.

These are just a handful of a plethora of different methods someone can use to protect their data and network.  Feel free to add other strategies that we haven’t covered in the comments section below.

Lastly, if you have questions or are interested in learning more about improving or managing your business network security please contact us anytime to set up a meeting or network audit.

 

Why You Should Pay Attention To Disaster Recovery

In our last blog, we briefly introduced disaster recovery solutions as part of the business continuity family.  However, disaster recovery is arguably the most important aspect of your business continuity plan.  Today’s blog will go over some of the basic concepts and strategies that are available with disaster recovery solutions.

Since every business operates differently, disaster recovery solutions offer a diverse selection of strategies to work with any business regardless of size or investment capability.  Since some businesses can operate with minimal data, they do not need to over invest in securing their vital information.

While other methods are available, the primary types of file backup are either file or image based backups.  File based solutions backup each file independently whereas and image based approach allows for a faster more streamlined solution as it backups files through image capturing which is more efficient and best suited for large volumes of documents.

These backups can be stored in numerous places.  Everywhere from a USB device to a protected cloud server can be used to store backed up information.

This is where some of the complications and problems can arise.  Since most people who run a business are experts in their craft instead of in the intricacies of data security, it is extremely important to have a clear and accurate understanding of how you are managing your disaster recovery plan.

Here are just a few of the questions that should be considered:

  1. Are you saving everything on a USB?
  2. Are you backing things up to the cloud?
  3. How often are these backups occurring?
  4. Do you have more than one redundancy to better ensure secured data?
  5. When was the last time your disaster recovery plan was tested?

All of these questions are important.  But most importantly, as businesses grow and change, the answer to these questions may change.  For example, if a business is only a few people and they store sensitive data in a few separate files, it may only make sense to secure those files.  However, if the business grows and starts to migrate that data into different file groupings or create new workflows, the information may not be secured anymore since the workflow and organization has changed.

Another issue that faces people who try to manually secure information on USB devices is if a file is compromised and then unknowingly saved to the USB, then the USB becomes compromised too, along with any other computer that gets connected to this device.  In this scenario, not only has the user had their data compromised on the USB, but they have also compromised other devices as well.  Since many ransomware hacks have delayed enabling, people are unaware that they are putting malicious information on to their storage device.

The most important fact about disaster recovery is that there is no perfect solution.  Hackers and ransomware are evolving as much as the security designed to stop them.  That is why it is vital to keep your disaster recovery plan top of mind as your business grows and evolves.

There are countless examples of people how thought a simple or manual solution would be enough only to learn first hand that they were not properly secured.  Hundreds of businesses get their information held by ransomware every year and for many of them it serves as a death sentence.  However, for businesses that utilize proper disaster recovery practices, these threats are minimal and easily mitigated.

The key takeaways are the following:

  1. Have more than one redundancy.  If you have an on-site solution, consider adding a remote cloud backup to ensure your data is safe.
  2. Check and make sure your disaster plan is current with your business workflow no less than once a year.
  3. USB drives can be compromised.  Unplugging something doesn’t ensure safety.
  4. Your backup process should be tested 1-2 times a year to ensure efficacy and timely access.
  5. Don’t try to figure this out for yourself.  CBS and other companies have specialists that can walk you through this process to ensure you receive proper solution.

Your data matters!  Make sure it is protected.