As cybercrime continues to rise and business processes become even more technology and data dependent, you’re probably making a significant investment in protecting your technology infrastructure and company data from unforeseen disasters of the natural or human-engineered variety. Unfortunately, no matter how much you’re spending on security measures, it’s possible, even probable, that you’re not as protected or as prepared as you’d like to be for a crisis such as a network failure or data breach. It’s more than the loss of return on your investment; it could be the loss of your data and your business continuity.
We’re not saying that you or your IT professionals are making poor decisions about what technology and security features are purchased or installed. That might be true, in which case you definitely need to stop reading right now and give us a call, but quite often the gap between what you’re paying for and what you’re getting is simply because the device or subscription you purchased hasn’t been properly set up for maximum protection.
For instance, you most likely know that a firewall is a necessary component of your security plan. You might not know exactly what it does, but you know what it prevents: cybersecurity risks. And it’s a safe bet that the firewall you now have installed was selected based on the features it included and what it promised to protect against. However, those features add up to nothing but a false sense of security if they aren’t enabled and properly configured.
Then there’s email. You know that everyone in your organization is bombarded every day with email. But some of what your employees are getting in their “in” box needs to be filtered “out” to eliminate the malware and phishing attacks that are an inevitable part of that email bombardment. Did you know that spam filtering can do a lot more than just putting some emails in your Spam folder? There’s a whole range of configuration options included in Advanced Spam Filtering and Advanced Threat Protection to help you avoid falling prey to phishing, malicious clicks, and downloads. That’s great news if you’re actually using them.
Here are a dozen of the most common security solutions and features that we often see being underutilized or improperly configured. Want to know if you’re getting your money’s worth out of your security solutions? ThrottleNet knows, and we can tell you all about it when you call (866) 826-5966 or use this handy contact form.
#1 Content Filtering – This feature uses your firewall to restrict access to any executables, emails, or websites that may be harmful if opened. You can also set filters to prevent access to certain types of content like pornography, gambling, or video sharing. You could even block social media sites, but we don’t know why you’d want to do a thing like that. We post some really good stuff to Facebook and Twitter, and you wouldn’t want people to miss out on that, would you?
#2 Intrusion Detection and Protection – Because cyberattacks can compromise your network in something close to real time, it’s not enough to just have reports or even alerts that tell you when suspicious code patterns or signatures are detected. You need a layer of protection that can block traffic from malicious sites or even interrupt the internet connection to halt transfer of code. Properly configured, the Detection and Protection combination takes a preemptive approach to detecting attacks and stopping them before they infiltrate your network.
#3 Deep Packet Inspection (DPI) – You’ve probably noticed that more URLs now begin with “https.” There are a lot of reasons that https is a good thing, but without Deep Packet Inspection it can let hackers go “undercover” and slip through your firewall. That’s because, by default, your firewall can’t decrypt the traffic to and from a “secure” site, so it sees “https” and thinks, “Hey, I’m not allowed to look at that, but it says it’s secure, so we’ll just let it through.” Of course, just because a site uses an encrypted connection doesn’t mean that the code that site is transmitting is safe. Deep Packet Inspection, or “DPI Over SSL,” functionality allows the encrypted web content to be inspected so malicious code can be stopped before it gets through. Think of this option as giving your firewall a pair of x-ray glasses that can see even the most hidden threats to things like your essential business data.
#4 Custom Filter Policies – The default policy for suspicious emails is usually just to send it to the “Spam” folder, which doesn’t guarantee it won’t get opened by some curious or naïve soul who just has to know why “Sandburg Sheryl” is emailing them about “Actionable Intelligence.” (That email is sitting in my Spam folder right now, totally not kidding.) A better solution is to take advantage of the Advanced Spam Filtering options to aggressively quarantine or immediately delete the worst suspects. You can also set filter policies to forward suspicious messages to a separate email account for review.
Not only should you set your company-wide filters specifically for the best practices of your company and your industry, you can also set custom policies that apply only to certain users, groups, or domains within your organization.
#5 Language and Location Filtering – These options allow you to set policies for emails written in a particular language or originating from a geo-specific locale. We’re not prejudiced, but we know that a disproportionate percentage of attacks do originate from certain countries. So, if you believe these emails carry a higher risk of malicious attachments or malware, you can set them to be deleted, quarantined, or forwarded to an administrator email. After all, it’s better to be safe than sorry.
#6 Detonation Chamber Setting – Many spam filtering solutions now include the option to open suspicious email attachments and execute applications or URL requests in “dynamic execution environments.” It’s kind of like opening a possible bomb in the safety of outer space without having to leave your desk to do it. These isolated execution environments allow you to determine whether or not the attachment or application contains malicious code without exposing your network.
#7 Full-Disk Encryption – You probably have your devices password protected, but if the data on those devices is not encrypted a thief can easily bypass the password requirement by booting off of a USB drive or removing the hard drive and connecting it to an unlocked device. Full-disk encryption (FDE) works by automatically converting the data on your hard drive into a format that cannot be read without an authentication key. This won’t add a step for anyone unlocking the device with the proper password, but will protect the hard drive from being deciphered by anyone else. Current Apple and Microsoft operating systems both include full disk encryption as an option, called FileVault and BitLocker respectively, but the function must be enabled and configured for your device to be protected.
#8 Backup Monitoring – Your monitoring service probably has the capability to do more than just reassure you that the backup was performed. You may also have the ability to set real-time alerts for backup failures and use backup details to measure the performance of your backups and protect against bottlenecks and slow backup times. And, because you never know what files you’re going to need next week or next year, it is also wise to have reports on the backup status of every folder and file rather than just the files scheduled for backup. That way, if files have been omitted, either by design or because of a system error, you can take action to make sure your data is backed up properly.
#9 System Image Backups – Speaking of files and folders, did you realize that most backup configurations only back up your data? So, imagine for one brief, terrifying moment what happens when your server dies or gets hit with something like CryptoLocker and goes toxic on you. Of course, you have your data, but how are you going to use that data without your software? If you did a System Image Backup, you could just restore to an uncompromised machine, and you’re back in business. If you didn’t, it might take a little (or a lot) longer.
#10 Off-Site Redundancy – While we’re imagining things that can happen but hope never do, let’s say you were choosing a parachute or a safety harness. Something your life depends on. You wouldn’t choose a design with what engineers call a “single point of failure,” would you? Because if that single point of failure fails, you’re dead.
A backup plan that parks all your data on a local server is designed with a single point of failure. If your only backup lives on your server and your server gets hit, it really won’t matter if you backed up all your files, or if you did a System Image Backup, because you won’t be able to restore that data anyway. And while your life may not depend on it, your business probably does. Moving your backup to an off-site location like the cloud means that nightmare won’t happen to you.
#11 Web Threat Shield – It kind of sounds like something a Star Trek actor would yell right before the whole crew almost bites the big one, doesn’t it? Well, it isn’t designed to save your bacon in deep space, but it does give your System Administrator the ability to better protect you from attacks in “web space.” Basically, it lets them use a global site manager interface to perform an in-depth risk evaluation that audits websites based on their reputation, history, and association with other internet objects and can override or enhance default security function based on that assessment.
#12 Enforced Password Policy – We know all the usual gripes about Password Policies. Who really enjoys having to reset their password or keep track of random strings of letters and characters? But before you give in to the preference for convenience over security, check out GRC’s Interactive Brute Force Password “Search Space” Calculator to see how long your average user passwords would likely hold out against a concentrated hack attack.
Enterprise email providers give the System Administrator the option to establish and enforce a Password Policy. This allows you to require passwords to be reset at certain intervals, dictate how complex (length, special characters, and alphanumeric combinations) passwords must be, and limit how often an old password can be used. You can also set a Password Audit Policy to allow you to track all password changes.
You can take your password security to an even higher level by enabling multifactor authentication and/or biometrics. That extra effort might make the difference between success and failure for a would-be hacker and between security and a major headache for you.
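As an added illustration (not from the original post, and not GRC’s own code), here is the “search space” arithmetic behind a calculator like GRC’s: count every password of length 1 up to the policy’s length over the permitted character set, then divide by an assumed guess rate. The guess rates are assumed scenario values, and the comparison also shows why a longer password beats a more “complex” short one.

```python
# Brute-force "search space" estimate in the spirit of GRC's calculator:
# count every candidate of length 1..L drawn from an alphabet of size A.
# The guess rates below are assumed scenario values, not measurements.

GUESS_RATES = {
    "online attack (1,000 guesses/sec, assumed)": 1_000,
    "offline cracking (100 billion guesses/sec, assumed)": 100_000_000_000,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(lower=True, upper=False, digits=False, symbols=False):
    """Size of the character set a policy permits (printable ASCII: 26+26+10+33)."""
    return 26 * lower + 26 * upper + 10 * digits + 33 * symbols


def search_space(alphabet, max_len):
    """Count all passwords with 1..max_len characters drawn from the alphabet."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def years_to_exhaust(space, guesses_per_sec):
    """Worst-case time to try every candidate at a given guess rate."""
    return space / guesses_per_sec / SECONDS_PER_YEAR


def compare_policies():
    """Contrast an 8-character all-class policy with a 12-character lowercase-only one."""
    full8 = search_space(alphabet_size(True, True, True, True), 8)
    lower12 = search_space(alphabet_size(), 12)
    return {"8 chars, all classes": full8, "12 chars, lowercase": lower12}


if __name__ == "__main__":
    for label, space in compare_policies().items():
        print(f"{label}: {space:,} candidates")
        for scenario, rate in GUESS_RATES.items():
            print(f"  {scenario}: {years_to_exhaust(space, rate):,.1f} years")
```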
This list doesn’t cover all of the cybersecurity measures we review and monitor, not by a long stretch. But it gives you a good idea of the “usual suspects” that are most likely to be unused, underused, or misused.
Before you give the command to “enable everything we’ve got,” remember that configuration is not as simple as just turning those features to “on.” That’s why our team of IT+Security Professionals starts every client onboarding process with a full review (we mean a deep, inside-and-out inspection) of existing infrastructure – hardware and software – as well as a hard look at your usage patterns and business objectives.
To integrate properly, the settings need to be customized according to your particular hardware and software solutions as well as your business needs and processes. While most hardware and software comes with installation instructions, those instructions can’t take your full security strategy or business needs into consideration. Even an IT or Security provider may not take the time or have the expertise to audit all of your solutions to make sure they’re working seamlessly. That’s where the + matters in IT+Security. We know what you’ve got (and what you need), and we have the expertise to know how it all has to work together for business continuity.
Because businesses keep becoming more dependent on technology, and because the bad guys keep getting smarter (and yes, we know they aren’t all “guys”), this isn’t a “fix it and forget it” solution. Regular monitoring and review are a must to keep your defense game strong. Which is, you guessed it, where ThrottleNet can make sure your business uptime is all the time.