In my last blog post, Network Security 101 – Viruses, Malware and Ransomware, I spoke about protecting yourself and your business from malware and viruses. Concentrating on securing the perimeter of your network is important, but the possibility of internal security incidents must not be overlooked.
Passwords remain the number one vulnerability in many organizations. Most people today have five to ten passwords to remember and tend to reuse the same password for email accounts, memberships and so on. A password policy can go a long way to mitigate that risk, but to be effective it must not be too rigid, or employees will find ways to get around it: they will write the password on a piece of paper and stick it under their keyboard, or pick a keyboard pattern that is easy to remember but just as easy to guess.
So how do you keep passwords secure and shared files from finding their way into the wrong hands? By following the tips in the list below you’ll be on the right track to secure your organization against internal incidents:
- Do not make users local administrators on their computers unless you understand the consequences of doing so.
- Set up shares on file servers with permissions assigned through Active Directory groups rather than to individual users.
- Create separate folders and separate shares for specific users and purposes. Do not put everything in one common folder and grant employees unlimited access to it.
- Always work with a standard-privileged user account for day-to-day tasks.
- Stop allowing users to install their own applications.
- Enforce an appropriate password policy. Forcing password changes too frequently simply encourages users to write their passwords down on paper. Instead, educate your users to create long but easy to remember passphrases such as “I love my family since 1977!”.
- Set the password expiration (maximum password age) to 90 or 120 days.
- Implement application whitelisting. For example, you can tell the system: “only run programs located under the C:\Windows, C:\Program Files and D:\Business Software folders”. As a result, no virus can be started from the flash drive E:\, and no unwanted software can be started from the Desktop folder. If an untrusted executable is accidentally downloaded from a website or received by email, it lands in the user profile, in Temporary Internet Files or the %Temp% folder, and will not run because those locations are not permitted by the policy.
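The folder-based whitelist described in the last tip, written out as an AppLocker executable policy in PowerShell. This is an added example, not part of the original post: it builds path rules for the three folders named above, tests the policy against sample files before applying it, and starts in audit mode so nothing is blocked until the event log shows no legitimate software being denied. It assumes an elevated PowerShell session on a Windows edition that ships the AppLocker cmdlets; the rule names and the Temp/Tasks exceptions are this example's own choices.

```powershell
# Added example: AppLocker path rules for the folders named in the post.
# Assumes an elevated session with the AppLocker module (Windows Enterprise/Server).
$policyPath = "$env:TEMP\applocker-exe-paths.xml"

# One Allow rule for Everyone (SID S-1-1-0) on a folder, with optional carve-outs.
function New-PathRuleXml {
    param([string]$Name, [string]$Path, [string[]]$Exceptions = @())
    $exc = ($Exceptions | ForEach-Object { "        <FilePathCondition Path=`"$_`" />" }) -join "`n"
    $excBlock = if ($Exceptions.Count -gt 0) { "      <Exceptions>`n$exc`n      </Exceptions>" } else { "" }
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$Name" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="$Path" />
      </Conditions>
$excBlock
    </FilePathRule>
"@
}

$rules = @(
    # Windows itself, minus subfolders that standard users can write to (assumed carve-outs);
    # without them a user-writable spot would sit inside the allowed tree.
    (New-PathRuleXml -Name "Allow Windows" -Path "%WINDIR%\*" -Exceptions @("%WINDIR%\Temp\*", "%WINDIR%\Tasks\*"))
    (New-PathRuleXml -Name "Allow Program Files" -Path "%PROGRAMFILES%\*")
    (New-PathRuleXml -Name "Allow business software" -Path "D:\Business Software\*")
) -join "`n"

# AuditOnly records would-be blocks as Event ID 8003 in the AppLocker log without
# enforcing; change it to "Enabled" once the audit shows only the expected denials.
@"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$rules
  </RuleCollection>
</AppLockerPolicy>
"@ | Set-Content -Path $policyPath -Encoding UTF8

# Dry run: a copy of notepad.exe placed in %TEMP% stands in for a downloaded file.
# The System32 original is Allowed; the %TEMP% copy comes back as DeniedByDefault.
Copy-Item "$env:WINDIR\System32\notepad.exe" "$env:TEMP\sample-download.exe" -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone `
    -Path @("$env:WINDIR\System32\notepad.exe", "$env:TEMP\sample-download.exe") |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Apply locally (-Merge keeps other rule collections) and make sure the
# Application Identity service, which evaluates AppLocker rules, is running.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Start-Service AppIDSvc
```

Administrators need their own rule (the AppLocker default rules allow BUILTIN\Administrators everything), otherwise the Exe collection above denies them as well once enforcement is switched on.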
These tips are just the beginning. The certified consultants at Atlantic DataSystems have plenty more security tools that you can use to protect your content. If you have any questions or concerns on your network security, please contact one of our certified consultants to discuss your security needs. Check back next week to read the next Network Security 101 blog post: Firewalls and External Threat Protection.