IT security

As technologies and business processes become more complex and interlinked, businesses increasingly face security challenges and need preemptive ways of protecting sensitive data and IT infrastructure. Cyber attacks and other hacking approaches are increasing as technology innovation becomes more sophisticated. Businesses need to be proactive in protecting critical data and implementing best practices. These are some of the best practices for IT security:

  • Take an inventory of your IT infrastructure assets
    • All personal computers (desktops, notebooks)
    • Mobile devices – tablets (iPad and others)
    • Servers
    • Networking devices
    • Other hardware components such as storage (SAN and NAS devices)
  • Patch both PCs and servers with software updates and security bug fixes
    • Incorporate system updates and security patches for both PCs and servers
    • Automate the patching process to meet compliance standards
  • Access control
    • Password changes every month on both PCs and servers
      • Enforce a change of password at least every month
      • Impose strict password requirements (a combination of numbers, letters and non-alphanumeric characters)
    • Incorporate single login for both systems and applications
      • Implement Active Directory (AD) or LDAP user authentication software
      • Users should be able to change their password once, without having to change it separately for each system or application they use
      • Implement a self-service feature for password changes without the assistance of the help desk team
    • Restrict access to individual computers and servers
      • Allow only certain privileges for the most critical information
      • Set up biometric card readers for any area of the building that has sensitive information on its computers
      • Install surveillance cameras in specific areas of the building, such as the data center and other areas where sensitive data is kept
    • Follow up on employee terminations and inactive users
      • Work with the HR department to deactivate terminated employees’ access to the systems
      • Monitor inactive users on the systems and set up automatic features to deactivate or lock any user access that is inactive for a certain period
  • Network firewall protection
    • Set up firewall rules for each environment and department
      • Segregation of computer access
      • Department restriction
        • For example, HR should be separate from the Sales department, and likewise Accounting and other departments
    • Create VLANs (virtual LANs)
    • Continuous network scanning for intrusion
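
The "follow up on employee terminations and inactive users" item above can be automated as a periodic review. The following is an added example, not part of the original page: it reconciles a constructed account export against a constructed HR termination list; the field names, sample users and the 90-day idle threshold are assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed sample data (assumption): a directory account export and
# the list of terminated employees supplied by HR.
ACCOUNTS = [
    {"user": "asmith", "enabled": True, "last_logon": "2024-05-28"},
    {"user": "bjones", "enabled": True, "last_logon": "2024-01-10"},
    {"user": "cdoe", "enabled": True, "last_logon": "2024-05-30"},
    {"user": "dlee", "enabled": False, "last_logon": "2023-11-02"},
    {"user": "svc_backup", "enabled": True, "last_logon": None},
]
HR_TERMINATED = {"cdoe", "dlee"}


def review_accounts(accounts, terminated, today, max_idle_days=90):
    """Return {user: reason} for enabled accounts that need deactivation or locking."""
    terminated = {name.lower() for name in terminated}
    cutoff = today - timedelta(days=max_idle_days)
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing left to do
        user = acct["user"]
        if user.lower() in terminated:
            # HR says the employee has left but the account still works
            findings[user] = "terminated"
            continue
        last = acct["last_logon"]
        if last is None:
            # enabled but never used: review it rather than trust it
            findings[user] = "never-logged-on"
        elif datetime.strptime(last, "%Y-%m-%d").date() < cutoff:
            findings[user] = "inactive"
    return findings


if __name__ == "__main__":
    for user, reason in review_accounts(ACCOUNTS, HR_TERMINATED, date(2024, 6, 1)).items():
        print(f"{user}: {reason}")
```

Accounts that were never logged on to are often service accounts, so the example reports them for review separately from ordinary inactive users.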
