By Satyendra Tiwari, Lepide Software
While it may be impossible to completely prevent all types of security breaches, there are certainly steps you can take to make sure you don’t become another headline. The majority of security breaches come as a result of insider abuse and misuse – so it is imperative that you take steps to actively audit and monitor what your users are doing and make it as difficult as possible for a breach to occur through error or intent.As every organization is different it’s difficult to produce a conclusive list of best practices. However, here are a few policies that we believe every organization will benefit from implementing:
1. Formulate a complex password policy: It can be tempting to use simple passwords that are easy to remember. However, a simple password is an easy target for hackers. A complex password policy can go a long way towards keeping your network secure against outsider attacks. To prevent insider abuse you must train users to make them aware of the dangers of sharing passwords with colleagues or writing them down.
2. Manage inactive accounts: Whenever a user leaves the organization their account becomes inactive. If you don’t have a scalable means of managing and cleaning inactive user accounts, you leave yourself open to the possibility that they may get misused. Ideally you need to be producing detailed account status reports, and generating real-time alerts when accounts must be deactivated.
3. Security log auditing: Auditing Windows security logs can with securing the Active Directory and other network resources. Windows event logs can tell you a lot about what’s happening inside your critical IT systems. However, it’s not always easy to read cryptic event logs and quickly piece together the information. Thankfully, there are a number of solutions that simplify this process that are worth looking in to.
4. Take regular backups: However strict your security policy is, a breach may still occur. In this case, it’s important to get Active Directory and other systems up and running again as quickly as possible. The best way to do this is to ensure you take regular backups of all the servers from which you can easily restore corrupted data. In some cases, backup files might also be at risk of corruption or theft, making restoring data incredibly difficult. This is why we recommend you make use of a solution that stores your data in multiple secure data centers.
5. Download security and enhancement patches regularly: Up-to-date software is much more difficult to attack or abuse because it will have the latest security measures in place. Microsoft releases security and upgrade patches on a regular basis to help you keep everything up-to-date.
6. Skim network assets for rogue hardware and software: Are you able to instantly see how many users in your organization are using detachable drives like flash drives? Can you tell if there is a sudden surge in the use of such drives? Naturally, if there is an irregularity in the use of any hardware or software it could indicate that something is wrong or that some malicious behavior is taking place. Comparing network scans to known inventory – i.e. “list of safe assets, both hardware and software” – is vital in helping to identify any hazardous device or software that may be in the network.
7. Observe and analyze web traffic: There is a wide range of hostile and intrusive pieces of software that can reside in your network without being detected in order to transfer data to external sources. Comprehensive network traffic reports will tell you when number of outbound connections or volume of data abnormally increases. Unusually high traffic – such as the case when illegal software is being downloaded, for example – should be reported immediately by your traffic monitoring software or firewall application.
8. Train your users: Most organizations know the importance of user training and employee awareness, however, it’s often assumed that once training is complete there is no need to revisit it. With security threats constantly evolving, it is important that you regularly train users in best practices. Well-trained users that understand the nuances of security threats are more likely to notice and report vulnerabilities in the system and network.
While this is by no means an exhaustive list, by implementing the policies in this list you will be contributing to a more secure environment. For some, it can be quite daunting to see the sheer amount of tasks that it takes to maintain a secure environment. If this is the case for you then it might make sense for you to deploy a specialized solution that proactively performs all of these tasks from a centralized platform – making it that much easier to mitigate the risks of insider and outsider security breaches.