As security issues grow more and more prevalent, we CIOs need to improve our environments. We often forget formality and become too casual making life too easy for our user community for our own good. Here are some quick things that can be done in short order to help improve security at your business.
I truly wish this went without say… but more often than not, I continually encounter non-expiring passwords in our client networks. Worst yet is that most of these are accounts with administrative privileges. That’s just bad. Start here, and get your administrative passwords on an expiration cycle, then move on to the user community.
Password Character Inclusion
Yes, we’re going to harp more on passwords. Force the inclusion of non-alpha-numeric characters. Punctuation and symbols go a long way in changing things up. For example, “iceage” becomes much more secure if it’s “1ce-@ge” yet can still be remembered.
Keep Hardware Use to Internally Provided Gear
I have personally witnessed this… once… someone bringing in a hard drive from home to starting to copy company assets to a non-company owned piece of equipment. While Bring Your Own Device (BYOD) is certainly an up and coming strategy, that doesn’t mean that it’s a free-for-all out there. The more we can supply our user communities with appropriate equipment, they less they’ll feel the need to bring their own gear.
Let’s not even talk about how easily viruses and worms can enter a protected, company network by simply plugging in a hard drive from home…
Manage the Mobile Devices
Yep, keeping control not only makes it easier to support going down the road. Mobile Device Management (MDM) software provides your company with the ability to set and deploy remote policies such as content filtering. Our own AVG Cloudcare services allows our clients to manage policies and even back up mobile devices to the cloud, all from a central location.
The mobile device age is here. Just make sure that the devices you support have remote wipe and location capability. It will make your life much easier when something gets lost or stolen. Remember, the damage is not the $1000 device that was taken, but the exposure of the data on the device. While most thieves are truly after the hardware, it’s not worth the risk of deploying non-remote wipeable hardware.
All said and done, there are some simple and quick to deploy techniques that can dramatically improve network security. Try some of these and let us know in the comments area below how it worked in your company.