Three Ways to Help Keep Your Network Secure
Part of an IT professional’s job is to ensure their company’s network is secure, helping to prevent attacks that lead to downtime, lost/stolen data, and severe frustrations from end users and management. Many times, the biggest threat to the carefully chosen layers of security is the end users themselves. They click on unfamiliar links, visit sketchy websites, or give credentials and information out to the wrong person, among other things.
But we can’t place all of the blame on them; old habits die hard, and technology constantly change. We have to continuously educate end users and ourselves on best practices and make sure they’re building good habits when it comes to technology use.
There are multiple steps in creating and maintaining a secure network, but here are three of them.
1. Always Verify Someone’s Identity Before Giving Out Information
Social engineering attacks have always been the easiest way to obtain credentials and sensitive information. Why take the time to hack a system when you can pretend to be a vendor or someone else and get the info gift wrapped to you by an end user?
Calling and pretending to be a representative from a vendor, even a big name like Microsoft, is a popular strategy. If an end user has never talked to this caller and has the slightest doubt if they’re really from the company, no information should be given. If it’s a vendor your company does business with regularly, hang up, call the main point of contact there, and ask for verification. Taking the time to do this can save headaches down the road.
The same thing applies to spoofed emails that appear to come from a coworker. Requests for passwords, money distribution, or any sensitive information should always follow a multi-step verification process. Options include a verbal confirmation or signed form for the request.
The bottom line is that legitimate companies will never ask for an end user’s password or other sensitive info over the phone. When in doubt, verify!
2. Be Wary of URLs/Links that Look Odd
Links to webpages are everywhere, including in emails, on text or ads within a webpage, in text messages, in apps, and other places. We’ve been clicking on those links since AOL told us we had mail in the 90s, but that was over 20 years ago, and our behavior needs to change with the times.
Today’s headlines and titles are meticulously crafted by clever marketers to entice people to click (we may or may not have intentionally written our post title this way…). Often, this is to increase views and website traffic with the intention of gaining new business. Sometimes, it’s done with malicious intent. People will click on links and unknowingly visit webpages that contain malware, ransomware, and all sorts of mayhem if they don’t exercise caution.
Here are a few ways to spot sketchy links:
The grammar and spelling of the surrounding text are poor or beyond comprehension.
Letters are replaced with similar characters, such as 0 for o in google.com (g00gle.com)
It’s in a message from someone you know, but the wording is very unlike that person.
The top-level domain is something besides the more common .com, .org, or .gov. Examples include .ru, .download, .xyz, and .science.
Shortened links (bit.ly, ow.ly, etc.) on webpages, in emails, or even on unfamiliar social media posts.
Of course, a sure-fire method is to just not click on it.
3. Add and Manage Layers of Network Security
It’s not all up to the end users. The IT department/professional is responsible for putting layers of security in place as a multi-directional defense (to keep threat actors from reaching in and internal staff from allowing them in).
Depending on the business type, applications, and data needs, among other things, the network security components needed will vary. Businesses in the healthcare, financial, and human resources sectors typically have higher cybersecurity compliance requirements because of the sensitive data they acquire and store.
In addition to creating a strong network defense, IT professionals must keep informed on changing technologies, new threats, and the best ways to mitigate risks for the business.
Businesses also utilize outside IT firms for various reasons, including larger projects, consultation, and additional helpdesk support. It’s important that outside firms are vetted and questioned about the solutions they recommend. They should always be able to back up their recommendations with solid reasons that tie back to the business, especially when the business’ network security and data are at stake.
In the end…
Education and prevention are key steps to protecting your business’ network from intruders who aren’t allowed access.
If you’re at all unsure about the security of your network, contact us. We like keeping the bad guys out!