Taking adequate precautions to secure your data is imperative to ensuring you are meeting your responsibilities as a business and doing the right thing by your stakeholders.
Data security in a modern connected enterprise is paramount and security breaches can have major and lasting consequences. Whether you are talking about the loss of Intellectual property (IP), financials or general business data, anything that may be useful to third parties in attacking or targeting your business should be secured appropriately.
You can read more about your legal responsibilities regarding data protection here.
There are three main areas in relation to data protection:
- Physical – physical equipment e.g. Flash drives and CDs/DVDs, computers, server and network infrastructure, phones and other network connectable devices.
- Network – the ‘data’ layer, internal network configuring, security groups, user accounts, restriction policies
- Cloud – Services that you use provided by a third party which typically you have limited control of, e.g. Office 365, etc. You may have administrative capabilities in terms of creation users and managing permissions, but the important security protocols and procedures are ultimately controlled by the host company.
You can find our article about physical protection here. We will cover Cloud protection in a future post.
For now, we will talk about network protection, what it is and what you can do to protect it.
Simply put a network in IT terms is a digital telecommunications network which allows nodes to share resources. In computer networks, computing devices exchange data with each other using connections (data links) between nodes These data links are established over cable media such as wires or optic cables, or wireless media such as WiFi.
Network protection refers to the configuration of a network in a way that will protect the systems from being compromised. The ways that the network can be protected includes:
- Domain security;
- Endpoint protection; and
- Change policy.
Each of these will be covered in more detail below.
Domain security is a basic security measure for any organisation. The term domain is related to a Windows environment; however, the principles discussed are more widely applicable.
In a well structured environment, configuration is clearly defined outlining which users can authenticate and have access to computers, are part of security groups and have been allowed access to certain resources providing only the minimal set of access for the user to perform their require role or task. This seems quite logical, and it is, however what can end up occurring is a configuration that was not clearly thought out and ends you being either too restrictive, hindering productive workflow, or too open and therefore not adequately secure. A balance is essential.
Further to consideration during implementation, domain security is an ongoing conversation and should be regularly audited to ensure it functions and remains secure whilst working with, not against users.
Whilst mobile, desktop and server security is taken care of through domain security, it is imperative to consider access for the network traffic that travels in and out of your organisation. This is where the use of an appropriate firewall comes in to play.
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
A rudimentary home/business internet service relies on basic security for protection, this is either a built into the end devices operating system product like Windows Defender or via a third-party protection agent like McAfee or Symantec.
Best practice is for a business to have a dedicated firewall that sits between the internet and the internal network. Next generation firewalls like Sophos UTM or Cisco Meraki provide an enterprise grade firewall with advanced features like:
- Intrusion Prevention;
- Web Filtering and protection;
- Email Filtering and protection;
- Advanced Threat Protection (file analysis and Quarantine before it reaches your device);
- Wireless protection and configuration; and
- and more.
The use of these devices can significantly reduce the likelihood of a successful malicious attack such as phishing or cross-site scripting (XSS).
Whilst a firewall is designed to protect you from threats on the internet, there is still a concern with items that may make it through a firewall or are directly loaded on to a computer, e.g. from a flash drives or CD/DVD.
To provide this type of protection, each end device, e.g. computer or server should have an enterprise grade antivirus suite installed. Options include Symantec, McAfee & Sophos Endpoint protection.
A general rule of thumb would be to stick with some of the heavy hitters in the industry, they may cost a little more but are generally patched more regularly and have a higher chance of catching potential threats before they occur.
Whilst all previously detailed measures are important, their effectiveness can be significantly reduced by not utilising a proper change policy. One of the most critical problems found in businesses of all sizes come from changes that are made in an emergency or settings that are changed to work around an issue.
Emergency changes like this are often a result of an application, user or business being unable to perform a certain critical task and the quick and easy fix is to turn off a security measure or open access up a little more. While this is sometimes unavoidable and necessary, there needs to be consideration to the steps taken after the change is made.
Change policy dictates certain rules around either the implementation or handling of changes before and after the fact. Changes that are expected to have a major impact should be planned before hand and back out plans detailed prior to any work being completed. In the case that something goes wrong and an appropriate fix cannot be implemented, a back out plan to revert to a previous configuration should be implemented. Once the environment is secure again, you can then begin to review the change made and the impact, explore reasons for the malfunction and plan to resolve the issue for a future attempt.
Although it would be nice if life worked like this all the time, emergencies do happen, and emergency changes may need to be implemented to resolve an immediate issue. This usually happens when changes occur in environments, applications or appliances you don't have control over, or because of changes made that cannot be reverted. The issue with an emergency change is not so much that it happened, rather what actions are taken following this to ensure security is not compromised. Rather than leaving a potential hole in your protection, review the issue and attempt to implement an appropriate, permanent solution.
Maximise your investment
Having a firewall, endpoint protection and domain security is not sufficient if you aren’t taking advantage of all the features these products offer. This can be a little overwhelming. Understand your product and the licensing you have and make sure that all the features available have been turned on or at least reviewed for usefulness.
Most products can be installed out of the box and plugged in or turned on and start working immediately, but that does not necessarily mean you are getting full value or protection.
All too often, equipment with advanced licensing is installed with only basic featured turned on. This causes security holes. On the other hand, too many features can cause performance bottle necks.
F1 Solutions has over 23 years’ experience in IT solutions and support. We have worked with organisations of all sizes, tailoring our solution to meet their individual needs. Our team offers infrastructure security consulting to assist you in setting up policies and procedures that best suit your organisation. Contact us to find out more.
About F1 Solutions
For over 23 years F1 Solutions has been building quality software solutions for Federal and State Government departments, small and large not-for-profits, and businesses in Canberra and across Australia. We also provide organisations with trusted IT support and advice, as well as a range of other services.
- IT Support