Computer and network security: Everyone knows they should be doing it better, but no one really knows all the best ways to do it. The computer security profession is a large and varied one, so — obviously — opinions vary about best practices and solutions. But believe it or not, everyone agrees on the single-most effective way to keep your computer safe in our digital era: Don’t use a computer.
Unfortunately, that’s not really practical for most people. So instead, we snooped around for what measures computer security professionals use to secure their own machines. (Obviously, one of the best measures is not to release all of your security methods, so we got the cream of the crop.) The skills and knowledge of being an expert computer security professional can take years to learn, but it’s always possible to glean a few tidbits of knowledge from the pros.
Take online security seriously and respond quickly
News outlets were buzzing after an article published on medium.com nailed Panera Bread to the wall for failing to address a massive user data breach for eight months. That breach allowed anyone to view customers’ full names, addresses, dietary preferences, and email addresses. Their IT team didn’t fix it and their leadership didn’t handle it when it was brought to their attention. That’s not exactly the example to follow.
Whether you’re speaking in terms of public relations, data security, or loss of productivity, there’s never been a more important time to take digital security seriously. You wouldn’t leave your car running in a parking lot while you went inside for half an hour, so don’t leave your (and potentially your customers’) data vulnerable online.
Update your software — now, not later!
We were actually surprised by this consensus opinion. It’s so simple, yet, we’ve all been guilty of clicking “Remind me Later” when some program wants to update. There’s a reason that software is updating: Its team of dedicated, expert programmers have patched something. Many times, it’s a security loophole or some part of the program that allows a vulnerability into your system.
With that said, do something you might never have done — read the release notes. Figure out exactly what the update intends to fix, and then head to the forums. See what other people are saying about the risks involved with the update. If you’re already behind a version, then take a moment to weigh whether or not to update to, yes, yet, another version that might also have holes. That’s what the pros do.
Remember when security experts found a flaw in High Sierra? That’s the perfect example. You might have dodged a bullet by not updating, but not without checking the news.
It may be hard to believe that one of the most important lessons of online and network security is performing software updates as soon as possible, but it’s one of the best ways to keep your computer and network safe. It’s almost always a hassle, but it’s definitely always worth it.
Be miserly with your permissions!
Every CompSec pro is privy to the basic, fundamental rule of network security: The Principle of Least Privilege, which basically asks “how few permissions can you give each user?” Yeah, needing to ask your IT team to turn on your speakers because of insufficient permissions is incredibly annoying — no one knows better than the IT team. But by keeping everyone’s permissions as restricted as possible, you minimize potential problems, including your own.
Imagine your network like a house and a hack like a break-in.
Example 1: You have valuables in every room of the house, but there are no doors to those rooms. Whether a thief breaks in through the window, the garage, or by picking the front door, they can get at everything by breaking in once.
Example 2: Every room in the house has a locked door, and all valuables are placed inside safes. If our thief gets into one room, they can’t get to the hallway and into another room, and they might not even get anything out of that room.
Obviously, it seems a little paranoid to live that way. But, let’s face it, CompSec pros are a little paranoid. Keep your “rooms” locked, put your valuables in a safe place, and when you throw a party, close it all up. In other words, administer your network with multiple user permission levels and restrict accesses carefully, based on how few permissions can be doled out.
Prepare for the worst: Do your backups
You know what the scariest part of working in 2018 is? It’s entirely possible that next time you turn on your computer, every file on it could be lost. There are hacks that hold your hard drive irretrievably hostage, there are environmental disasters that ruin your servers… even a simple burglary can make accessing your data impossible. Are you prepared for that?
Performing a backup of essential files and storing that backup somewhere geographically different from your hard drive could mitigate most security failures. There’s a lot to learn about how to keep computers and networks safe, but knowing how to retrieve stolen, lost or hacked files could be a lot easier and maybe just as important.
Update software, backup your data, and restrict user accesses – those three steps alone could potentially save you and your company hundreds of hours and millions of dollars. But in all of these examples, what you and your network security team should be asking is, “Do we even know what our company’s policy is?” These tips don’t even scratch the surface of everything there is to learn about computer and network security, but good security starts by asking questions and finding out the answers.
Last tip: With all that said, don’t feel bad if you’re doubting your company or team is doing enough with security measures. When asked, “What do security professionals do to secure their personal computers?,” almost all network security professionals have the same answer: Not enough. You can always do more, so get started today!
Want to learn more about how you can secure your organization’s network? Contact me directly to find out and ask about how CBT Nuggets could be the right training solution for you at firstname.lastname@example.org.