- Carry out a ‘brick level’ risk assessment of your entire network, and have a disaster recovery plan in place should things go wrong.

- Ensure everyone logging into your network has a secure password, not one that can be guessed easily.

- Secure your network so that only authorized devices can communicate across it; this should be done at the MAC level. Work on the basis of denying all access to all clients on all systems, and then grant access only as required.

- Protect your borders by installing a firewall at every possible point of connection. If your network can be seen from the Internet for any reason, such as website hosting, or if you service XML or EDI queries from suppliers or customers, then configure a DMZ to isolate this traffic from your live network in a safe location. Also ensure that only essential ports are open on your firewall, e.g. for email and web access.

- Install anti-virus software on all of your PCs, laptops and servers (make sure it’s up to date and that daily scans are automated). Install software to detect spam, adware, malware and other malicious or annoying programs that can be installed onto PCs and servers.

- Ensure all of your devices have the latest vendor-recommended security updates installed (automate this process as much as possible). This applies not only to the obvious server and desktop devices, but also to firewalls and other devices. Check that these updates are actually being deployed to the relevant devices.

- Invest in keeping your operating systems as current as possible. Newer software has fewer flaws, bugs and known ‘back doors’.

- Insist that all clients have the correct local and network permissions and no more.

- Take all users out of the local Administrators group on their PCs to prevent them from installing unauthorized applications.

- Install a web filter so you can control your employees’ Internet access and usage, and set up a security policy for all employees (in our experience, more damage is caused to systems by internal users than by external hackers).

- Deploy a ‘bullet-proof’ backup strategy with regular backups, restore procedures, integrity checking and secure offsite archiving.

- Good housekeeping is also necessary. Make sure passwords are strong, secure and safely documented. Disable the accounts of employees on holiday or those who have left, and use a RADIUS server for remote access authentication wherever possible.
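The account-hygiene items above (no users in the local Administrators group, disabled accounts for leavers and staff on holiday, passwords kept current) can be checked automatically. The following is an added example, not code from the original page: it audits a constructed list of accounts against those rules and returns the findings. The field names, the 45-day inactivity and 90-day password-age thresholds, and the `it-admin` exception are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds and exceptions are assumptions for this example, not values from the page.
MAX_INACTIVE_DAYS = 45        # enabled account with no logon for longer than this is suspect
MAX_PASSWORD_AGE_DAYS = 90    # password older than this should be rotated
ADMIN_EXCEPTIONS = {"it-admin"}  # accounts allowed to keep local admin rights


@dataclass
class Account:
    username: str
    enabled: bool
    left_company: bool   # HR says the person has left
    on_leave: bool       # HR says the person is on holiday
    local_admin: bool    # member of the local Administrators group
    last_logon: date
    password_set: date


def audit(accounts, today):
    """Return (username, finding) pairs for every rule an account breaks."""
    findings = []
    for a in accounts:
        # Leavers and staff on holiday should have their accounts disabled.
        if a.enabled and (a.left_company or a.on_leave):
            findings.append((a.username, "disable-account"))
        # Ordinary users must not be local administrators.
        if a.local_admin and a.username not in ADMIN_EXCEPTIONS:
            findings.append((a.username, "remove-local-admin"))
        # An enabled account nobody uses is an unneeded way in.
        if a.enabled and (today - a.last_logon).days > MAX_INACTIVE_DAYS:
            findings.append((a.username, "stale-logon"))
        # Passwords past the rotation deadline.
        if a.enabled and (today - a.password_set).days > MAX_PASSWORD_AGE_DAYS:
            findings.append((a.username, "password-expired"))
    return findings


# Constructed sample data: what an export from the directory plus an HR list might look like.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Account("alice", True, False, False, False, date(2024, 5, 30), date(2024, 4, 1)),
    Account("bob", True, True, False, False, date(2024, 5, 20), date(2024, 5, 1)),
    Account("carol", True, False, True, True, date(2024, 5, 10), date(2024, 4, 1)),
    Account("dave", True, False, False, False, date(2024, 3, 1), date(2024, 5, 1)),
    Account("it-admin", True, False, False, True, date(2024, 5, 31), date(2024, 5, 15)),
]


def audit_sample():
    return audit(SAMPLE, TODAY)


if __name__ == "__main__":
    for user, finding in audit_sample():
        print(f"{user}: {finding}")
```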