With reports about data breaches capturing headlines in the last month we thought it time to revisit advice offered at last fall’s Technicity event in Toronto, which focused on cyber security. Andy Papadopoulos, president of systems integrator Navantis, and Paul Weatherhead, CTO of Digial Boundary, offered tips to improve enterprise security. “It’s the small stuff that will eventually bite you in the butt,” said Papadopoulos. All images from Shutterstock

 

Get patched

Experts say it over and over again, because it’s true: One of the best ways to ensure security is to keep all operating systems and applications up to date. But a recent Cisco Systems survey found an amazing number of organizations still running an old version of Java.

Image from Shutterstock Shutterstock.com

Use the regulars

That is, the regular defences: Anti-virus, anti-malware, anti-spyware. they’re not old fashioned — yet. They offer good, basic protection that every organization still needs

Image from Shutterstock.com

 Communicate

Make sure staff know what your security policies are. “If they don’t know they have an excuse” when things go wrong, Papadopoulos said.

INSIDE Communicate SHUTTERSTOCK

Check it twice

Eighty per cent of vulnerabilities are created because someone misconfigured something, Papadopoulos said. Lesson: Double-check changes to security configurations before making them live.

INSIDE double check SHUTTERSTOCK

Play doctor

Run regular health and security checks against key applications, Papadopoulos said. That way you know if you need to patch.

INSIDE Health SHUTTERSTOCK

“Think like a firewall”

Remember, says Papadopoulos said, the first option in set-up is “deny all.” And that’s where you should start. Then think about what data you want users to have access to.

INSIDE Thinking SHUTTERSTOCK

Be prepared

Most incident response plans aren’t very comprehensive, said Weatherhead. IT staff at one financial institution he knows of had lots of security policies, but when it was hit with an intrusion staff panicked and shut off firewalls and Web servers. Not good for business.

INSIDE Plan SHUTTERSTOCK

Close the door

When staff leave make sure their access is cut. “You don’t want your data leaving with them,” said Papadopoulos. However, many organizations fail to remember this basic fact.

INSIDE Door SHUTTERSTOCK


Previous articleCES 2014 Product Roundup
Next articleEight more security best practices
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com