Network Security Best Practices 2015
As an IT professional or MSP, securing your clients' sensitive data has become increasingly important as more and more data is archived in cloud storage and the number of data transfers increases. A comprehensive approach to network security is a must to protect data and your clients from costly data breaches. These best practices from 2015 will help.
Network Security Now More than Ever | Causes of Data Breaches
The need for network security has never been higher, based on data from 2015. In 2015, businesses experienced an 8.1 percent increase in data breaches over 2014, representing nearly 40 percent of U.S. data breaches tracked by the Identity Theft Resource Center (ITRC). The Banking/Credit/Financial industry fell prey to nearly double the number of breaches that occurred in 2014. And experts agree that the actual number of breaches is much higher than what is reported.
What is the cause of these data breaches? Hacking is only part of the story, accounting for almost 38 percent of all data compromises. Employee error/negligence was the second most common cause of data breaches in 2015, with accidental email/Internet exposure accounting for nearly 14 percent of all compromises.
Other causes include:
- Insider theft
- Physical theft
- Subcontractor/third party
- Data transfer
That's why leaders at organizations with sensitive data (everyone!) need to think comprehensively about network security.
Encryption and Firewalls | Top Network Security Best Practices
Encrypted data and firewalls are good first steps, but these best practices will help to secure an entire system.
- Monitor user activity. Because data breaches can occur from within an organization, keeping an eye on user activity makes it easier to detect suspicious activity—whether it is from within a company or from a malicious outsider who has obtained insider log-in information.
- Beware of scams. Sometimes hackers try the easiest way to access sensitive data: they simply ask for it. Of course, they may pose as an IT representative, but employees need to be aware of what a legitimate request for information looks and sounds like and what is likely a scam.
- Create specific access limitations. Limit exposure of sensitive data by giving users access to only the systems they need to do their work.
- Monitor applications with access to data. Applications put data at risk by giving access to data that may be firewalled. Hackers will use these vulnerabilities, not a broken firewall, to access data they want.
- Collect detailed logs of activity in all systems, not just for security reasons but also for troubleshooting purposes.
- Stay current with security patches. Hackers are constantly developing new techniques for accessing data. By keeping software and hardware up to date with new anti-malware signatures or patches, one can help keep data secure.
- Educate and train users, especially on recognizing phishing emails, creating strong passwords, avoiding dangerous applications and taking information outside of the office.
- Outline clear security policies for new employees and vendors. Make sure new hires and vendors know IT security requirements from the very first day of employment or service. Include clear definitions of the requirements in contracts and service-level agreements.
- Create a data breach response plan to secure any vulnerabilities as soon as they are exposed and limit the damage a security breach can do.
- Maintain compliance with industry-specific security regulations such as HIPAA, PCI DSS and ISO, which can help keep data secure.
- Create and install web application firewalls to detect or prevent common web attacks. If a company employs third-party hosting services, it must require firewalls.
- Encryption should be used on all laptops, mobile devices and systems hosting sensitive data.
Do You Need Help with an Identity Theft Problem?: http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html
10 Best Practices for Cyber Security in 2015: http://www.observeit.com/blog/10-best-practices-cyber-security-2015