Organisations are leaving themselves wide- open to hackers and need to take immediate steps ito protect their intellectual property and customers’ personal records by re-assessing how they approach and manage their security.
According to Andre Mulder, GM of the Altiris business unit at First Technologies, many IT managers might think they have done enough to protect their systems from hackers. However, prevention is better than cure and they need to think smarter and keep one step ahead by taking the following steps:
* Epidemic threats – End users often introduce security threats to the organisation without even realising it. The demand for mobile devices is soaring, and there is a real risk that security threats from these tools could reach an epidemic level. IT managers can limit this danger by defining and communicating what devices can be installed on the IT environment and implement controls based on identifying elements such as serial numbers. With these controls in place organisations can specify “read-write” or “read-only status”, or completely disable access based on the type of device.
* Cutting the wire –Mobile media and wireless networks provides an easy avenue for distributing sensitive data but wireless access points can leave a company wide-open to threats. These are set up specifically by hackers to look genuine and to tap into crucial security information in any organisation. Rectify this by restricting access to wireless equipment and regulating the use of the company’s VPN at home, at the airport and from non-office locations.
* Malicious attacks – Implementing an end-point security solution often blocks malicious code and unsolicited network traffic from entering a system. Remember that when adopting this, IT managers need to ensure that users can’t get round the controls by renaming a file or by editing the registry.
* Fire fighting – Make up the foundation of a company’s security policy by implementing a firewall. This will help minimise unauthorised connections, protocol attaches and port scans. When implementing firewall settings, IT mangers should bear in mind that they need to be centrally controlled and should automatically adjust to user location.
* Cutting costs – Unfortunately traditional security mechanisms can no longer contain the rapid variations of threats. All IT managers should consider the benefits of consolidating their security and systems management. This reduces the costs of administration, staff training, operations and provides better communications and an overview of the network. In addition it improves visibility of security strategies and ensures a quicker reaction rate in case an attack should occur.
* Automation – Conducting an automated security policy audit can compare the system’s configurations against the company’s existing policy. Security issues can be rapidly identified and rectified. Automation also analyses whether a company is compliant with current security legislation.
Appropriate implementation of security policies can protect corporate information from attack. All IT managers should aim to reduce the possibility of an attack to their IT environment but more importantly, be prepared to act on and limit its impact should an attack occur.