Keeping your IT systems safe from data breaches is a lot like playing whack-a-mole: they’re a moving target and you’ll never feel like you got them all. What are the latest best practices for enterprise security right now? Let’s take look at four lines of defense you should be paying attention to including firewalls, secure routers, a WPA2 system and email security.
One firewall is no longer enough
Historically, it was enough to place one firewall around the perimeter of your network. But with the rise of BYOD, cloud-based services, and IoT, you likely need to implement a robust internal firewall strategy. Where should you place these fortifications? How about looking at communication between applications, especially in the hypervisor layer?
According to the VMware blog, “No one is paying attention to this area of vulnerability. The network infrastructure security teams are fortifying the perimeter, while the server teams are deploying IDS/IPS solutions. What has gone unnoticed is the East-West traffic that is flowing between virtual machines and the ease that an intruder could tap into these conversations.”
Use a secure router
Although routers are used to efficiently pass traffic into the network, they can also come equipped with security features that will outperform a firewall. This includes Intrusion Defense System (IDS) and Intrusion Prevention System (IPS) functionality, as well as Virtual Private Network (VPN) data encryption.
Have a Wi-Fi Protected Access 2 (WPA2)
Wireless encryption continues to evolve, and it’s important that your network evolves with it. WiFi Protected Access (WPA) came available in 2003, but even then it was only intended as an intermediate solution. One year later, WPA2 was launched, with a more secure and complex encryption code. However, it wasn’t until 2006 that devices bearing the WiFi trademark were required to use WPA2 encryption.
Some of those old devices are still floating around out there. If your equipment hasn’t been updated in a while, you could be vulnerable. Even if your equipment is newer, your router needs to have the WPA2 feature turned on. It’s worth checking. Without it, an intruder can potentially gain access to any of your most valuable data on the network.
Keep your email secure with improved training
1 in 131. That’s how many emails worldwide contain malicious data—the highest it’s been in five years, according to Symantec’s 2017 Internet Security Report. You know what’s worse? These emails have an open rate of 30 percent. (Reputable marketers can only dream of such success!) Here are a couple of ideas to use to turn your employees into a “human firewall.”
Start by finding out your company’s collective security IQ. You can do this with a simple survey or, perhaps, a “phishing drill” in which you send out a fake attack and see who bites. Once you’ve established that baseline of knowledge you can develop a more personalized training program.
Since successful email security is largely a mental game, keep email security top-of-mind by spreading the training out through the year and supporting it with factoids and updates in your internal communications. Consider sprinkling attack drills throughout the year. Unlucky clickers can be humorously called out at the next staff meeting, while those who successfully caught the offending email and reported it could be rewarded. The idea is to make it fun and entertaining while keeping awareness up.
Intel® vPro™ technology contains several useful features to help you stay ahead of cyber threats. For example, it supports a variety of identification factors such as fingerprint, Bluetooth proximity, protected PIN, and location detection. New 7th Generation Intel® Core™ vPro™ processor-based devices also support virtual smart cards and others factors from OEMs and hardware partners, giving you more choices for policy customization.
Unfortunately, breaches are no longer a matter of “if,” but “when.” Did you know that Intel® vPro™_technology enables you to perform a secure erase of a remote hard drive—even when it’s turned off?
Finally, we suggest considering this a long game. Cyber threats aren’t going away—and the best hope for success is to keep on your toes and never quit whacking.