[BreachExchange] Four Ways to Improve IT Security on a Limited Budget
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Jul 12 19:37:24 EDT 2018
http://itbusinessnet.com/article/Four-Ways-to-Improve-
IT-Security-on-a-Limited-Budget-5484720
As overall IT budgets grow tighter, it becomes more challenging to improve
IT security. In a recent IBM security study polling more than 2,800 IT and
security professionals, 69 percent reported that funding for cyber
resiliency is insufficient.
But even as IT security threats continue to evolve, it's the more
fundamental IT security improvements that can provide the most foundational
protections for data security. Based on that understanding, here are four
ways to improve IT security on a limited budget.
Use Layered Security Processes & Technologies
Every business needs to have a layered security approach to thwart cyber
attackers and hackers. The importance of patch management cannot be
overstated-confirmation of updated operating systems and applications is
paramount. It's important to install antivirus, spam detection, and
filtering software on each computer, while also protecting the network via
proper firewall configuration.
Encryption algorithms and keys play a critical role in preventing hackers
from getting sensitive business information. This can be useful for data
both at rest and in transit, as well as for portable media and device
access.
Every business is operating in the age of mobility where their workforce is
often operating remotely. Consequently, mobile device management (MDM) and
security are a vital part of IT security. Some of the ways to implement MDM
are through the use of sign-on passwords, data encryption, and wireless
connection encryption when using public networks.
Next-generation firewalls are a foundational element of preventing outside
attacks to the network. Today, integrated firewall/VPN client solutions can
automatically enforce fine-tuned security across a business's network, as
well as remote offices and on an individual user level. The many features
of VPNs and next-generation firewalls enable administrators to centrally
manage security policies, implement rule-based access controls and define
policies for different user groups.
Having an identity and access management strategy is vital to cloud
application access and should include single sign-on, multi-factor
authentication, role-based access control and least privilege, behavior
monitoring and privilege identify management tools.
These can all help rapidly and systematically restrict access to users if
required and can define security policies by individual, group, or
organization. The goal is to ensure that anyone accessing the network or
the internet has authorization and that all data in transit are protected,
while also protecting the network from infiltration.
Educate Employees, Create and Enforce Security Policies
Humans pose the biggest security threat, whether through error or
malevolent actions. Since most threats are error-based, education becomes
crucial. By creating clear policies for employee behavior and educating the
workforce on those policies, businesses can significantly lower the risk of
a data breach, malware, or other forms of cyberattacks.
It's imperative to keep these policies updated and made part of the
employee handbook. The best way to improve your IT security is to train
your employees on best security practices.
Conduct Network Vulnerability Assessments
Having a security expert assess your IT network for weaknesses and
vulnerabilities is a must for every business. This should be a periodic
process, because vulnerabilities can occur with any changes to the network.
This process should go hand in hand with patch management and software
updates. Of course, having IT support to act on the assessment is vital to
closing the vulnerabilities.
Cloud Backup and Disaster Recovery
Every day seems to bring new reports of high-profile ransomware attacks.
The best defense against these and other attacks that can cripple
businesses is to have a solid cloud backup and disaster recovery plan.
Restoring from a data backup is the best-and sometimes the only way-of
recovering from a ransomware attack.
Backup and recovery services are a crucial part of end-to-end IT security.
Today, many businesses are taking advantage of incremental backup in the
cloud, which can be both automated and cost-effective if done correctly.
For businesses that utilize colocation services, cloud backup can provide
server consolidation in which a single server stands in for multiple
virtual and physical servers. In this case, hosted disaster recovery
services can provide high availability to the production server
environments as part of their backup infrastructure.
Whether a business has onsite IT support or not, having access to a skilled
managed IT services provider with security expertise can play a major role
in supporting IT security. Regardless of budget, every business can take
advantage of all of these IT security methods. As with all security
approaches, a solid foundation comes from being thorough, vigilant, and
educated in order to keep your data and network infrastructure safe.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180712/8da1c495/attachment.html>
More information about the BreachExchange
mailing list