With hurricane season fading into history yet again, we can relax knowing our network and data are safe again. The dangerous storms have come and gone and we can focus on the next item on the to-do list. We’ve successfully saved our data and our jobs…or have we?
Although storms and weather get a lot of attention for the damage and outages they cause, there is another, more subtle danger that can be just as catastrophic to your network and to your business. In fact, over $250 billion each year is lost due to information theft. Not all of that is from brand-name businesses either; a significant portion of that comes from small and medium businesses. Not only that, but over 75% of all information theft is committed by people who work for (or used to work for) the company that was stolen from!
I see a lot of companies who feel that they are not a target, as they are too small, or that their employees would never do something like this. And actually, some of them are even right. However, many companies find out after the fact that they should have been doing more to protect their network. There are several simple adjustments you can make to most networks to provide additional security and protect yourself from unwanted access to your network.
1. Change your passwords.
I know, I know. It’s annoying, it is way too difficult to keep track of all of those passwords. However, changing your password protects you from all of the people you may have loaned your password to. Of course, that wouldn’t include YOU, you never give anybody your password, do you?
2. Don’t use simple passwords.
Did you know that an average password guessing attack can find out a simple password in less than an hour? By forcing passwords to be at least 7 characters long, including characters from the various sets, and avoiding using words found in the dictionary, that same attack will take 5-6 months. (That’s why secure networks require passwords to be changed every 3 months.)
3. Lock accounts if passwords are mistyped.
This also prevents outside attackers from trying to guess a password. They will be stopped very quickly when the account locks, because no passwords will work, and the error messages change so that you wouldn’t know even if you typed in the correct password. Of course, you will get the occasional legitimate user who locks themselves out, especially right after they have reset their password in step 1, but again…what’s more annoying: unlocking accounts, or realizing that your data is in the hands of your business competition or, worse yet, on the 5:00 News?
4. Force computers to lock if inactive.
Almost all computers these days come with screen savers. Screen savers can and should be configured to require a password to disable. This allows people to leave their desks safely without having to save their work and close their programs. Most users don’t remember to do this when they get up, but networks can be configured to force this to happen. This prevents other users in the office from sitting at their desks and rummaging through their files.
5. Disable accounts that aren’t actively being used.
Once an account is no longer required, it should be disabled to prevent it from being used to access anything. There are many ways to access a network either locally or from somewhere remotely. Having an old username and password just makes things that much easier for former or current employees to get things they aren’t supposed to have.
6. Don’t let users have physical access to the server.
In worst-case scenarios, users who are allowed to stand in front of a computer can do a whole lot of damage in a very short amount of time: anything from changing files, to deleting them, to erasing entire computer systems. Would you let somebody have easy access to your personnel files? This can be just as bad or even worse.
The first 3 items on the list help protect from outside users. The other 3 help keep your employees on the right side of the law. I hear from many companies that they aren’t big enough to worry about these issues. My response to them is that if they continue to be successful and continue to grow, they will reach a point where these steps will be not just recommended, but critical. It’s better to have these policies in place now, rather than after the fact, when it’s too late.
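To see which of the six items a network actually enforces, the checklist can be run against an export of policy settings and user accounts. The following Python script is an added example, not InfoStream's own tooling: the field names and sample data are constructed, "every 3 months" is treated as 90 days, and the 90-day inactivity threshold is an assumption, since the article gives none.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # item 2: passwords changed every 3 months
MIN_PASSWORD_LENGTH = 7     # item 2: at least 7 characters
MAX_IDLE_DAYS = 90          # assumed threshold for item 5; not from the article

# Constructed sample export; field names are hypothetical.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_POLICY = {"min_length": 6, "lockout_threshold": 0, "screen_lock_minutes": 0}
SAMPLE_ACCOUNTS = [
    {"user": "asmith", "enabled": True, "password_set": date(2024, 1, 5), "last_logon": date(2024, 5, 30)},
    {"user": "bjones", "enabled": True, "password_set": date(2024, 5, 1), "last_logon": date(2023, 11, 2)},
    {"user": "cdoe", "enabled": False, "password_set": date(2022, 3, 1), "last_logon": date(2022, 6, 1)},
    {"user": "dlee", "enabled": True, "password_set": date(2024, 5, 20), "last_logon": None},
]

def audit_policy(policy):
    """Check network-wide settings against items 2, 3 and 4."""
    findings = []
    if policy["min_length"] < MIN_PASSWORD_LENGTH:
        findings.append("minimum password length below 7")
    if policy["lockout_threshold"] == 0:
        findings.append("account lockout disabled")
    if policy["screen_lock_minutes"] == 0:
        findings.append("no forced screen lock")
    return findings

def audit_accounts(accounts, today):
    """Check each enabled account against items 1 and 5."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, so it cannot be used to log on
        issues = []
        if (today - acct["password_set"]).days > MAX_PASSWORD_AGE_DAYS:
            issues.append("password older than 90 days")
        last = acct["last_logon"]
        if last is None or (today - last).days > MAX_IDLE_DAYS:
            issues.append("no recent logon: disable if no longer needed")
        if issues:
            findings[acct["user"]] = issues
    return findings

if __name__ == "__main__":
    print("Policy:", audit_policy(SAMPLE_POLICY))
    for user, issues in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_TODAY).items():
        print(user, "->", "; ".join(issues))
```

Item 6, physical access to the server, cannot be checked from an export and still needs a walk through the office.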
Should you have any questions about any of these security enhancements, InfoStream is here to provide guidance and assistance to ensure you have the safest network possible.