IT Security Fundamentals
IT Security is all about keeping your data secure. In very simple terms, your data should be accessible to those who have been granted access and not accessible to those who should not have access. Sounds quite simple doesn’t it?
There are many facets of IT Security that need to be considered. IT Security 103 builds on the previous IT Security 101 and IT Security 102 articles. This blog focuses on how you should be proactively managing your security.
Who is watching
Before we start on how to proactively manage your IT Security it is important to point out the one thing that must be done: Make sure someone is watching. What I mean by this is you check your bank statements to ensure there are no fraudulent transactions (you should if you do not), you may have a monitored alarm for your home or office or your car may have an alarm or recording device installed.
If your IT systems are not being watched you are not, and cannot, proactively monitor your IT Security. Every business should have someone who is allocated this task. The bigger the business, the more time consuming the task is. Being a smaller business does not make it unnecessary but being proactive about cyber security takes less effort for a smaller business.
The next most important step is to have a Security Policy in place. A security policy defines what it means for a system to be secure. In very simple terms it outlines what is acceptable and what is unacceptable for your company.
The web browser has become one of the hackers target applications of choice. Having you click on a particular site can make your web browser automatically download malicious software or potentially execute malicious code on the page.
Having your web browser patched and updated stops any known exploits from occurring. If you don’t have Web Protection, your web browser should be actively patched to ensure exploits cannot be used against any security weaknesses that may exist.
Anti-virus software can help you mitigate some exploits. Just like your patching needs to be up to date, it is just as important for your anti-virus software to be up to date. If your anti-virus software is not monitored and up to date, it’s the same as not installing security updates and patches. You become vulnerable to anything your anti-virus software is not ready to combat.
Web Protection monitors the web sites you are visiting and blocks any known malicious sites. We recommend everyone has web protection activated as it is a great aid in enforcing company security policies.
Unlike patching and anti-virus, web protection uses an online database of known malicious web sites, IP Addresses and URLs. Any known problem destination is automatically blocked and the user receives a message similar to the one below when visiting such a site:
In addition to enforcing security, most web protection software can enforce blocking of sites based on site category. This can be configured to reflect a company-wide policy which has proven to be very effective in policing non business related internet traffic.
IT Security Implications
Not having effective anti-virus, web protection and your systems and applications patched, puts you at significant risk of becoming a victim. A potential hacker does not need your username or password to access your data or compromise your systems. It is just not worth the risk to not be diligent with your IT Security.
There are many other things that can be done to be proactive about your cyber security. This article focuses on the basics which are a bare minimum that any business should have in place.
As always, we are here to help. Please contact us for any advice you may require.it means for a system to be secure.