Information security can seem like a daunting challenge to a solo practitioner. The news media is full of stories about security breaches at large corporations that thought they had appropriate defenses in place. These corporations had professionals on staff and access to the latest security technology and were still hacked. How are solo practitioners going to succeed in defending their networks when these large corporations failed?
The good news is that good information security is more about process than technology, and is better achieved through discipline than large budgets. This is similar to physical exercise being more about the level of activity than the equipment that is used. The following are a few simple exercises that when followed can dramatically increase the chances of defending your network against attacks.
- Apply software security updates monthly.
Criminals scan the Internet with automated tools looking for vulnerable systems that are missing patches. Applying timely software security updates will make a their job much harder. It is important to remember to apply patches for applications as well as for the operating system. Adobe Reader, Flash, and Oracle’s Java have become a favorite attack vector for criminals in the last several years.
- Backup your data and get it offsite every month.
I have seen many small businesses lose their important data because they never backed it up. It is sad because backups are easier now than they have ever been. There are several cloud-based services that will not only backup your data, but also copy out to a data center across the country.
- Encrypt everything.
Encryption is built into Windows 8 Pro and Macintosh OS X. There is no reason not to encrypt your hard disk. This not only prevents unauthorized access in case you lose your computer, it also prevents an attacker from using utilities to crack or bypass your password. USB drives and mobile devices especially need to be encrypted.
- Always use unique and complex passwords.
Hackers know that most people choose simple passwords and reuse them on multiple sites. Simple passwords are easily guessed and short passwords are easily cracked. A complex password of 12 characters that includes a combination of all possible characters is very difficult to crack.
- Test your security systems annually.
The only way to know if your system can hold up to an attack is to have it tested by a professional. Vulnerability assessments for small networks are not usually costly and can help identify weaknesses that often get overlooked.
About the Author
Joseph Granneman is CEO and principal consultant at Illumination.io, an information security firm. He can be reached on Twitter at @jgranneman.
(Image Credit: ShutterStock)