7 tips from a security expert to implement now
By Lee David Painter, CEO, Hypersocket Software
Hardly a week goes by without a new data breach grabbing the headlines. Already this year, data breaches at mobile phone network Three, Wonga and Sports Direct have come to light. Not to mention the ransomware attack on the NHS and other organizations.
It’s tempting to believe that all attacks and breaches are as a result of shady hackers operating from halfway around the world – and that large organizations are always the targets.
However, in many cases, the cause of a data breach is much closer to home and as often down to poor password security, software vulnerabilities, simple human error, and abuse of access and privileges, as malicious outsiders. And there’s growing evidence that smaller businesses are being impacted too.
Network security specialists, Hypersocket Software counts organizations such as Cisco, Xerox, and Huawei among its customers.
As more and more organizations look to tackle their everyday security challenges, we offer seven steps to help smaller businesses avoid becoming a data breach statistic.
- Introduce IAM – Stolen credentials are a prime entry point to systems for hackers. Investing in fairly simple Identity and Access Management (IAM) technology means a business can be sure that regardless of how a network and data is being accessed, it’s being accessed securely.
- Use multi-factor authentication – One of the best practices for securing data is extending security around applications by using multi-factor authentication. That means to gain access to a system a user is authenticated by providing information on something they know and something they have. So, the first authentication challenge might be to provide a piece of personal information, such as their favorite football team or favorite color (something they know). The second challenge could be a time-limited token sent to their mobile with a reactivation code (something they have). Multi-factor authentication should particularly be used for granting access to privileged users.
- Limit employee access to systems – The fact that someone has established his or her identity as an employee should not result in unfettered access to all your systems. It’s important to work on the principle of least privilege to ensure employees only have access to the services they really need for their role. For example, an assistant in the admin team does not need administrative privileges on IT systems; a member of the sales team does not need access to sensitive financial information.
- Use a Password Manager – One element that can be lacking particularly in smaller businesses is security from the end user’s perspective in the form of a password policy and password management. Passwords are now so commonplace that people can become complacent with their use. Repeated, simple and obvious passwords can open the door for hackers. Ensure employees follow these five insider hacks for creating stronger passwords, and use a Password Manager. This allows users to store, manage and access all the systems they need with one password, enabling companies to make their password requirements stronger, longer and trickier for hackers to uncover.
- Don’t forget Self-service – Password Self-service solutions allow end-users to manage their own accounts and systems access without needing to call the IT helpdesk. So users can reset or unlock their password using multi-factor authentication. This means security can be enhanced as organizations can enforce a strong password policy.
- Don’t worry about the cost – Free versions of security software will serve smaller businesses’ needs and offer outstanding levels of protection at the same time. Many of the solutions mentioned above – including Access Manager, Password Manager, and Self-service – can be downloaded free of charge, quickly and easily. Visit websites such as Softonic, Hypersocket or Download to compare what’s available from different software companies and find a product that best suits your needs.
- Create a security-aware culture – Best practice in network, systems and data security needs to be enshrined in a strong and well-communicated security policy. It should be embedded with a company’s culture, rigorously monitored and taken seriously at every level – from the top down.
Comments Lee Painter: “Data breaches might appear to be getting more frequent and the hackers more sophisticated. The reality for smaller organizations, however, is that most data breaches are low level in their complexity.
That’s not to say they can’t have a damaging effect, but following these steps and employing security best practices throughout the business will go a long way to reducing the chances of a breach.”
About The Author
Lee David Painter, CEO of Hypersocket Software. Lee is a software developer turned entrepreneur who specializes in network security solutions.
In 2002 he set up his first business, 3SP Ltd, and created a suite of open source and commercial security applications. These included SSH APIs for Java and .NET and SSL-Explorer, one of the first open-source, browser-based SSL Virtual Private Networks.
During this time he also established SSHTOOLS. Beginning life as an open-source project in 2002, SSHTOOLS now provides vital SSH components to enterprise businesses. 3SP Ltd was acquired by Barracuda Networks in 2008 and Lee continued to establish SSHTOOLS and then moved on to set up two new businesses:
Nervepoint Technologies and Hypersocket Software. Each business focuses on creating more secure IT environments by providing tools and software to tackle the IT security challenges that organizations face every day. Nervepoint Technologies offers password management solutions and counts organizations such as CISCO, Symantec and Xerox amongst its clients, while Hypersocket Software provides enterprise and professional-level network security and remote access management software.
Lee at email@example.com, https://twitter.com/hypersocket and at our company website http://www.hypersocket.com/