With reports about data breaches capturing headlines in the last month we thought it time to revisit advice offered at last fall’s Technicity event in Toronto, which focused on cyber security. Andy Papadopoulos, president of systems integrator Navantis, and Paul Weatherhead, CTO of Digial Boundary, offered tips to improve enterprise security. “It’s the small stuff that will eventually bite you in the butt,” said Papadopoulos. All images from Shutterstock
Experts say it over and over again, because it’s true: One of the best ways to ensure security is to keep all operating systems and applications up to date. But a recent Cisco Systems survey found an amazing number of organizations still running an old version of Java.
Use the regulars
That is, the regular defences: Anti-virus, anti-malware, anti-spyware. they’re not old fashioned — yet. They offer good, basic protection that every organization still needs
Make sure staff know what your security policies are. “If they don’t know they have an excuse” when things go wrong, Papadopoulos said.
Check it twice
Eighty per cent of vulnerabilities are created because someone misconfigured something, Papadopoulos said. Lesson: Double-check changes to security configurations before making them live.
Run regular health and security checks against key applications, Papadopoulos said. That way you know if you need to patch.
“Think like a firewall”
Remember, says Papadopoulos said, the first option in set-up is “deny all.” And that’s where you should start. Then think about what data you want users to have access to.
Most incident response plans aren’t very comprehensive, said Weatherhead. IT staff at one financial institution he knows of had lots of security policies, but when it was hit with an intrusion staff panicked and shut off firewalls and Web servers. Not good for business.
Close the door
When staff leave make sure their access is cut. “You don’t want your data leaving with them,” said Papadopoulos. However, many organizations fail to remember this basic fact.