The recent world-wide ransomware attacks have forced companies to evaluate their data security and data risk.
To understand security, we must understand how we are connected to the internet and our exposure levels.
All modern companies have a dedicated always on internet connection to access email, and other web based services. This is not a bad thing; however, the issue becomes that to be able to access the outside world, what risk is there that the outside world can access your data?
Data security revolves around two parts:
Part 1: Restricting access in and out of the company internet line.
Many of you would have heard of the term firewall. A firewall is, in the simplest terms, a device that sits between your company and the outside world. It blocks all ports and access on the line except those ports that you allow.
A simple example is that if you only wanted your email server to send and receive emails, you would only open port 25 (SMTP) to and from the IP address of the email server. If you had a company Internet proxy server, you would only allow port 80 (HTTP) to and from the IP address of the proxy server. Putting these settings in place means that your computers can only send and receive emails through the designated company email system, and staff can only access the internet through the company controlled proxy server. This limits exposure to all the computers on your network from outside. At the same time it prevents your computers from being able to send and receive unauthorized data to sources on the internet.
A quality firewall service is a minimum requirement for all companies. ECN can help you manage the accessible ports on your data line and put in place some data security using their managed internet connection skills.
Part 2: Data security software, updates, and patched software
The reason most of the companies are experiencing the ransomware attacks is due to outdated Windows operating systems with limited patches.
Unfortunately, many companies do not have regular software update policies. This is due to one or more delays in application or software updates. An update and patch policy and process is a must in any company. An antivirus, anti-spyware centrally managed service is also recommended. Make sure you choose an established world-wide brand that is well reviewed and respected. Also ensure it is properly managed and maintained by trained professionals.
Then the final step is staff training and awareness. Enforce training and policies in the company with monitoring and reviews of what websites and emails your staff access. This is the most common method of how these data security breaches occur; a staff member clicks on a URL (web link) or opens an email attachment that they should not have.
Make sure your staff and policies are updated and well enforced to prevent data security breaches.
Our ECN technical team are masters of optimizing data lines and ports to make our voice services the best, our team can gladly advise you on managing your data security on your internet line and can source the best hardware routers and firewalls. To learn more and protect yourself contact our experts for the best equipment and advice.