Servers Under Attack
Computer viruses, worms, and hackers have threatened users since the beginning of the Internet. Anti-virus programs and regular software updates used to be sufficient to protect a company's on-line interests.
Unfortunately, as in any ecosystem, these threats evolve over time. On today's Internet, a comprehensive security strategy which implements multiple layers of security and constant vigilance are necessary to protect your business and your customers.
Dave Sill, internal network operations manager here at Socket, offers the following tips to keep various aspects of your business network secure.
Anti-Virus Programs and Policies
Desktop computing is the easy part of the security equation today. Virus definitions and operating system updates need to be downloaded and applied regularly. Firewall appliances can offer good protection if they're properly maintained, but too often they are "set and forget" systems.
Good policies need to be set and enforced and employees need to be well trained to avoid social engineering and spear phishing attacks. If your employees are allowed to BYOD ("bring your own device"), provisions need to be made to ensure each device is secure and will protect proprietary information if lost or stolen.
Web and Email Servers
Many companies also manage their own web and email servers. Handling these functions internally can be appealing for a number of reasons, but it increases a company's assailable "surface area" and complicates security.
As with desktops, software updates, anti-virus and strong passwords are critical when implementing a server. Turning off unused services and restricting remote management access can mitigate risk and regularly reviewing server logs may help identify attacks. Mail servers have to be properly configured to prevent spammers from using your resources and getting your system blacklisted. "Off the shelf" web applications need to be updated and secured like any other piece of software and custom web applications need to be properly secured against SQL injection attacks and other threats.
Office Equipment
Office equipment offers a more complex challenge to the business Internet user. How many electronic devices other than computers are connected to your network?
Wireless access points, printers, conference phones and many other common devices are essentially special-purpose computers. They run software which has to be updated and can be compromised just like a desktop or server. These devices tend to "just work." When they're ignored they can provide a back door into your office network and customer and employee data.
Everyone knows desktop security is important in an age where financial transactions and purchases are made online. As a business owner, it's critical to understand and address threats not just to employee desktops but also to servers, cell phones, printers and every other device connected to your network. Computer criminals prey on those who don't update and harden their systems. Being proactive with security saves time and money spent cleaning up after virus infections and data breaches. More importantly, it shows your customers and employees you care about them and their private data.