If security were as simple as a lock and key, we would not be experiencing a meteoric rise in the number of attacks and breaches. However, while there is no simple lock-and-key solution, there are some simple, common-sense, tried-and-true best practices that every company should be implementing. So, before you invest in a bunch of costly new tools, make sure you have these best practices in place.
11 Ways to Foil those Masked Bandits
Install Patches – Most attacks exploit known vulnerabilities for which there are patches. Make sure you’re installing all the latest patches that are available. Simple as that sounds, it’s actually very effective.
Limit Access – Do not give admin rights to too many people. Make sure that the people who have those rights are genuinely trustworthy. And, keep an eye on them.
Firewall Rules – When it comes to network traffic, make sure that your firewall rules are not overly permissive. You should not be allowing traffic that has no business justification.
Access – Data theft by insiders is not just costly; it’s more common than you might think. Limit the access you grant to employees while on your network. And, lock down everything that’s not needed.
Network Segmentation – This is a simple but important strategy for containing attackers by limiting their lateral movement. Use firewalls to restrict traffic to and from those network segments where your critical data is stored.
Automation – Attackers use automated tools to scan and identify vulnerabilities. You should be using automation, too. You can easily, for example, automate basic security tasks such as analyzing firewall changes.
Visibility – Since you can’t protect what you can’t see, make sure that you have complete, up-to-date visibility into every aspect of your complex network. You also need the ability to actively monitor system configurations.
Documentation – Make sure that your security policies are documented in a knowledge database. You want everyone – network admins, security staff, even application teams – to have at least a basic understanding of what’s going on and why. You can’t keep up with rule changes if you don’t know what the original rules were.
Integration – Security should be integrated into operations and business processes, not bolted on as an afterthought.
Education – Educating insiders and outsiders alike, and providing periodic training, goes a long way toward ensuring security awareness. Think of security awareness as an ounce of prevention that’s worth a pound of cure.
Metrics – You should have meaningful, defined metrics to check and assess your security measures over time.
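To make the Firewall Rules, Automation and Documentation items concrete, here is an added example (not from the original article) that compares a documented baseline rule set with the current one and flags newly added allow rules that are overly permissive or carry no business justification. The one-line rule format, the function names and the sample addresses are assumptions constructed for illustration, not any vendor's syntax.

```python
import ipaddress

def parse_rules(text):
    """Parse 'action src dst port  # justification' lines (assumed format)."""
    rules = {}
    for line in text.strip().splitlines():
        body, _, why = line.partition("#")
        fields = body.split()
        if len(fields) != 4:
            raise ValueError(f"malformed rule: {line!r}")
        rules[tuple(fields)] = why.strip()  # rule tuple -> documented reason
    return rules

def rule_issues(rule, justification):
    """Return the reasons an allow rule is broader than it should be."""
    action, src, dst, port = rule
    if action != "allow":
        return []
    checks = [
        (ipaddress.ip_network(src).prefixlen == 0, "any source"),
        (ipaddress.ip_network(dst).prefixlen == 0, "any destination"),
        (port == "any", "all ports"),
        (not justification, "no business justification"),
    ]
    return [label for hit, label in checks if hit]

def review_change(baseline_text, current_text):
    """Diff two rule sets: (added rules that need review, removed rules)."""
    before, after = parse_rules(baseline_text), parse_rules(current_text)
    added = {r: rule_issues(r, why) for r, why in after.items() if r not in before}
    flagged = {r: issues for r, issues in added.items() if issues}
    removed = [r for r in before if r not in after]
    return flagged, removed

# Constructed sample rule sets: the documented baseline and today's export.
BASELINE = """
allow 10.0.1.0/24 10.0.5.10/32 1433   # app tier to ERP database
allow 0.0.0.0/0   10.0.2.20/32 443    # public web portal
deny  0.0.0.0/0   0.0.0.0/0    any    # default deny
"""
CURRENT = """
allow 10.0.1.0/24 10.0.5.10/32 1433   # app tier to ERP database
allow 0.0.0.0/0   10.0.2.20/32 443    # public web portal
allow 0.0.0.0/0   10.0.5.10/32 any
allow 10.0.3.0/24 10.0.5.10/32 1433   # reporting server to ERP database
deny  0.0.0.0/0   0.0.0.0/0    any    # default deny
"""
if __name__ == "__main__":
    print(review_change(BASELINE, CURRENT))
```

Only the undocumented any-source, all-ports rule is reported; the narrowly scoped, justified addition passes, which is why the check needs the documented baseline to compare against.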
Resources for Foiling those Masked Bandits
Liberty Grove recommends two great sources for up-to-date information on security. Check out www.malwarebytes.com and www.darkreading.com. Both have newsletters that you can subscribe to for the latest updates and stories.
You can also contact us by calling 630-858-7388 or emailing firstname.lastname@example.org. We would love to chat with you about the security features in Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central.