IT security professionals should rely on personal vigilance and implemented methodologies - not just the slew of new products hitting the marketplace - to protect their networks in 2007.
Perimeter eSecurity, a Milford, Conn.-based email security firm, released its seven New Year's resolutions for end users and network security pros this week, urging them to change their own behavior to help protect networks.
Andrew Greenawalt, Perimeter eSecurity founder, said in a news release that organizational steps can help secure a network without taking much time.
"It doesn't take very long to enhance the security of a computer or its network," he said. "Whether you have a small business network or a vast business enterprise, these seven steps are imperatives to optimize your e-security as the New Year approaches."
- Change every password before the year's end. By taking this first step, you will enhance the security of every online commerce site visited, every computer, and every other password-protected device or website in use. Avoid easily discovered passwords, such as names or numeric series. Change your passwords at least quarterly in 2007.
- Download patches and updates. Even some off-the-shelf computer security programs offer downloadable updates or "patches" capable of detecting the newest viruses and closing "backdoors" that hackers have discovered. Operating systems should be patched and upgraded at year-end, and regularly as well.
- Hire a hacker. The holiday lull is the perfect time to conduct a "penetration test" to pinpoint weaknesses in a network's security. These tests emulate a hacker's invasion of a network; but rather than attacking databases and network tools, these scans identify specific vulnerabilities and propose solutions.
- Conduct regular e-security check-ups. Automated, monthly remote risk assessments can be conducted for less cost than a single onsite review. These tests assure that confidential data is as secure as possible from external attack. In a hacker-prone era rife with data theft, high levels of spam, and increasingly innovative computer fraud, waiting a full year between assessments is no longer a viable option.
- Communicate your data security policy. All personnel should be briefed on the importance of protecting confidential customer data. Disseminate a policy on how and when, if ever, this data should be included in unsecured email correspondence with customers and others. Implementation of an encrypted email system would be a major security step forward.
- Keep your network virus-free. A thorough evaluation of your network is essential to protect entry points (such as email attachments, shared files, infected websites, downloads), and to minimize infection. Simply installing anti-virus (AV) software is not enough. The AV system still needs to be monitored to make sure the most recent definition files are updated on all devices and you are alerted when a device is not "up-to-date." Look to providers which offer a full suite of AV services that can keep current with fresh outbreaks.
- Consider "giving up" on do-it-yourself security. The New Year is a good time to consider outsourcing network security to a company dedicated to keeping up with the latest demands of computer network security.
Click here to email Copy Editor Greg Masters.