Security: why you need a trusted partner

It has escaped no one's attention that data and network security is now a very important issue. With organizations large and small getting “hacked” and the proliferation of destructive viruses like CryptoLocker, it has probably not escaped your attention that you need to improve your defenses. But what should you do?

Ask about our security audit

The security picture is clouded by an increase in vulnerabilities proportional to the number of devices with access to your network. And your current environment almost certainly includes older equipment, unpatched or out-of-date operating systems, and server software with vulnerabilities unknown to you.

And you can add to that the danger of physical access gained by an inadvertent click on an attachment with malware embedded.

Because data security is not a trivial matter, there are a number of steps you can (and should) take. The first is organizational: establish your security policy, and begin to align your company's procedures (behavior) to conform to the new policy. An aware, alert network of employees and contractors is the curtain wall - a reinforced outer defense - that will accomplish much.

Then make sure your entire network isn't open to everyone - an effort should be made to determine who needs access to what, and distribute those privileges accordingly.

CommSat Security Audit

There are numerous technical defenses that can be erected, and some of them are not costly. Our audit will include:

  • Executive Summary
  • Survey of your current environment
  • Review of logs for prior or existing breaches
  • Risk assessment
  • Recommendations
 

What you can do right now

Though the highest level of security is not a DIY project, there are some things you can and should do. The following suggestions from the Massachusetts data protection standards can significantly strengthen your defenses:
  • For files containing personal information on a system that is connected to the Internet, there must be reasonably up-to-date firewall protection and operating system security patches, reasonably designed to maintain the integrity of the personal information.
  • Reasonably up-to-date versions of system security agent software which must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis.
  • Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly.
  • Secure user authentication protocols including: (a) control of user IDs and other identifiers; (b) a reasonably secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices; (c) control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect; (d) restricting access to active users and active user accounts only; and (e) blocking access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system.

For more information on the Commonwealth of Massachusetts data security law 201 CMR 17.00 visit http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf