0 comments on “Who Goes There?”

Who Goes There?

Physical Security

Cybersecurity has always been important.  Now, it seems, it’s becoming the new buzzword.  Everyone is concerned about it.  And they should be.  Although cypersecurity brings up thoughts of computers, networks, and data, there is another practical aspect that you might not think about.  And it starts with a simple lock.

Physical security as part of your complete data protection plan is easily overlooked.  But think of it this way… if a person can touch your equipment then that person can change your equipment!  He can cut cables, power down, damage, or even steal equipment, whatever he wants to do.  Physical security is the first step in your overall cybersecurity plan.

Perimeter Security

So, how do we keep those scoundrels out?  The first step is to consider locking the entrance to your building.  Yeah, I know many times that isn’t practical.  But if you can practically and legally lock your outside doors, then that’s the first best step in preventing unauthorized access to your equipment.

Motion-activated perimeter lighting will let a potential intruder know that he/she has been spotted.  The light, in itself, certainly won’t stop anyone bent on accessing your building, but it will illuminate the area.  And the last thing an intruder wants is to be bathed in a sea of bright white light!

ICU

Perimeter lighting is a good deterrence.  Couple that with a video surveillance system and you have a perimeter defense system that lights up your would be intruder while it makes a lovely HD video of his face that local law enforcement will want to look at.

Now, I know the first inclination is to run out to some big box store and get the latest, greatest, all-in-one, 16-camera video system for $500.  Trust me… it’s not going to work.  Oh, it will take video and maybe pictures, but you get what you pay for… in both equipment AND installation.  Installing a video surveillance system is like sword swallowing… it’s a job best left to the professionals!  A video surveillance system isn’t necessarily an inexpensive investment, but having the ability to let the intruders know you see them AND capture evidence for law enforcement justifies the cost of installation.

Inside Man

Like I mentioned earlier, many times it’s just not feasible to lock your outside doors.  But inside, well that’s a different story!  Inside your facility there really isn’t any excuse to not have an equipment room for… well… your equipment.  Routers, phone systems, firewalls, switches, servers, and DVRs all love living in equipment rooms.

Being that your equipment room door will be closed, it’s going to get hot in there real quick with all that equipment running.  Check with your favorite HVAC guy to determine the proper cooling unit size you would need for the room.  It’s good to have it independent of the building heating/cooling.  That 80 degree heating feels good in your office during the winter, but it will make your equipment room temperature soar.

Your equipment room should be centrally located inside the building, if possible.  And it goes without saying that it should be locked, so I’m going to say it… you’re equipment room should be locked.  Key locks are good, but cypher locks are better.  Cypher locks require the entrant to input a combination of numbers or letters to open the door.  You have passwords for you computer.  Think of this as a password for your equipment room!

You see?  Providing physical security for your equipment isn’t that hard, but it’s not necessarily inexpensive.  It all comes down to doing everything possible to protect your data and equipment.  And beefing up the ability to access to your data and equipment is the first line of defense in securing your network.

0 comments on “How’s your network security?”

How’s your network security?

Creating, upgrading, and maintaining you network is a full time job.  But are you doing everything available to secure your network against cyber threats?  Maintaining your network is the easy part.  Securing it takes a little more thought.

Let’s start with your OS.

Legacy software can be described as any program that uses older technology.  Generally speaking, not only is it hard to update legacy software, that software typically must use older hardware to run.  And the combination of old software that hasn’t been updated and old hardware is a recipe that hackers love to exploit.

If you’re still using Windows XP… stop it, already.  Windows XP is no longer supported and hackers know that there’s still a huge installed base out there.  1 + 1 = you’re increasing your chances of getting infected or hacked if you don’t upgrade to the latest OS.

Yeah, Windows 10 has its quirky bits, but what Windows OS doesn’t?  Going to Windows 10 will improve your PC security and it looks and acts enough like XP that there really is no learning curve. (Don’t even get me started on Windows 8!)  Saying that, one of the easiest ways to minimize your chances of bad stuff happening to your network is to ensure that you’re using the latest fully updated operating system and your applications are also up to date.

So, you have the latest OS and you’re running everything on newer hardware.  What happens if, even in spite of your best attempts at securing your network, one of your computers becomes infected with a virus, or worse… ransomware?

Save Early Save Often

Three words… backups, backups, backups.  If the data is mission critical, then not backing it up is just asking for something bad to happen.  If you have to re-image a computer on your network because it has been hacked or infected, then having a recent backup can mean the difference between success and getting eternally ridiculed from everyone at the office.

Just backing up is not enough.  Once the data is backed up, it should be taken off site.

If you’re backing up your data on a USB drive, ensure that the drives are disconnected from the computer after the backup completes.  That way, if the computer becomes infected, the backups will be safe.  Even more, once the backup is complete the backup media (of any type) should be removed from the current location.  If your office experiences a catastrophic event, then your backups will still be intact.

The most efficient way to do this is to have a cloud-based backup solution.  That way, all of your backed up data is stored at another site, usually in a geographically different location.  Cloud-based backup solutions are, obviously, fee-based solutions.  But the ability to quickly restore your data and get up and running is priceless.

The Human Factor

Network security is also as simple as educating your employees.  A well designed and implemented acceptable use policy would explain what employees can and cannot do regarding the hardware and software in your office.  It’s also a good tool to use to make your employees aware of what they should (and should not) do in the event of a suspected hack, breach, or infection.

Even the best anti-virus, anti-exploit, anti-malware, and anti-ransomware is only as good as the person using the PC.  Social engineering can defeat security software.  Employees should be educated in how to recognize phishing attempts, suspicious looking websites, etc. that can be used to gain unauthorized access to your data.

And don’t forget about face-to-face and telephone conversations.  People who engage in social engineering are good at making you feel at ease.  They’re pros at making you think the questions they’re asking or the access they’re requesting is legitimate.  They may drop names of your supervisors, or act as though there’s a sense of urgency.  But an employee education program can train users on how to spot attempts at social engineering being used to gain access to your data.

The Non-Human Factor

Now, here’s the difficult and (probably) expensive part… securing access to your network with network-wide hardware/software solutions.  Obviously, the firewall is the gateway to your network.  Having a robust firewall that also provides content filtering, anti-virus/anti-malware, and intrusion prevention goes a long way toward securing your network environment.

Of course, the newer firewalls that provide these services are pricey.  I’ve seen it first hand that many managers are unwilling, or unable, to spend a few thousand for a piece of equipment that they never see.  And if people don’t see a piece of equipment at work, they generally don’t realize the benefit of having it… until it’s too late.

Along with the next generation firewalls, an enterprise-level anti-virus is essential.  Many companies will put free anti-virus software on their computers.  They’re free, so there is that.  And they do detect incoming viruses.  But that’s about the only benefit.

The problem with using free anti-virus titles is that they act as though they’re independent installations.  And they are!  It comes down to simplifying your administration.  If you have 20 PCs running stand-alone anti-virus software, then you have to constantly check 20 different computers to ensure that the software is fully updated and that you have no viruses.

With an enterprise-level anti-virus solution, you’ll commonly have a dashboard from which you can check connected systems, software update status, infection status across ALL computers on the network, etc.  Having this solution will ensure anti-virus consistency across your network.  And that means less work for you!

But with today’s threat environment, just having one approach to network security not be enough.  You’ll need to address physical access to your network equipment, monitor the types of traffic entering your network, deal with viruses, ransomware, and other forms of malware, keep your PCs fully updated, and ensure that your employees aren’t inadvertently allowing unauthorized access to your data. A multi-factor approach to security is always the better option.

For help assessing your network security, developing your policies, or PC installation/support, contact Tracy Reynolds @ 601-925-6279 or email him at treynolds@dsmhospital.com today!

0 comments on “Ransomware is all the craze!”

Ransomware is all the craze!

Ransomware is a type of malicious software that’s designed to encrypt your data and then hold it for ransom until you pay the hackers to get the decryption key.  There are several reasons to be concerned.

1. You’re data is encrypted and you’re not getting it back unless you pay the ransom or you reload your data from a recent backup. (big concern there!)  Depending on the type of backups you do and the number of infections you have in your organization, it could conceivably take anywhere from a few hours to upwards to a month to get fully restored.

2. If you pay the ransom (which can range from a few hundred dollars to a few hundred thousand dollars), there is no guarantee you’re going to get the decryption key.  Think about it.  Paying the ransom is basically saying that you trust the people that hacked your computers in the first place.  That’s just crazy, yeah?

What can you do to make your computers and local network more secure against hackers and malicious software?

While ransomware is not new, a new wave is sweeping over computer networks around the globe.  The most recent breakout infected over 300,000 systems in 150 countries across all industries.  However, there is a way you can dramatically reduce your chances of getting a ransomware infection.

It starts with updates.  Keeping your operating system (OS) updated is the first line of defense against any kind of malicious software attack.  It goes without saying (so I’ll say it), at this point you should not be using Windows XP or earlier OS.  They are not being supported anymore.

So using the latest OS and keeping that OS fully updated is the first, and easiest, way to minimize your risk of infection.  Apple and Linux get viruses, too.  So even if you’re not using Windows, keep your system updated.  That will go along way in protecting you.

Along with keeping your system updated, backups are important.  People generally don’t think about backups.  But, if the data on your system is vitally important, say, payroll, inventory, time sheets, AR, or any mission critical data, you should be doing nightly backups of that data.

If you become infected with a virus, or more specifically with ransomware, then you can recover your data by restoring the backups.  Problem solved!  No ransom payment!  The boss thinks you’re a genius and everything is right with the world!  Assuming your backups are good backups, you will be able to completely recover from a ransomware attack using them.

You should also have anti-virus software installed and running.  These days, ransomeware and other malicious software attacks usually start with clicking on an email attachment.  Just clicking the infected attachment will install the malicious code.  A good anti-virus will scan your emails when they appear in your inbox and alert you to possible infections.

The anti-virus program for your organization should be a business-class, i.e., an enterprise-level, version as opposed to the free stand-alone versions you can download from the Internet.

An enterprise-level anti-virus program can be a little pricey.  It depends on the vendor, which anti-virus you choose, and how many computers you want to put it on.  There is nothing wrong with the free versions on your home computer mainly because… well… they’re FREE!  But, free shouldn’t a consideration for your business, in this case.

So, to recap…

1.    Keep your operating system updated.
2.    Have an anti-virus running and keep it updated.
3.    Save early and save often.  Make backups!
4.    Don’t open email attachments.