7 commonly overlooked ways to tighten cyber security

It's OK to be paranoid about every last detail when it comes to security

111714 security 1 intro

Tighten that cybersecurity belt

When you setup your network's security plan, quite often you have the big picture covered but some times there are those minute details that get shelved or forgotten. Here are a few items IT security officers should make sure they have covered.

111714 security 2

Your own people are an APT (advanced persistent threat)

The weakest link in the security chain is always the end user. There is always someone who believes they know better or a policy doesn’t apply to them. To the extent that compliance with security policies can be automatically enforced even for the professionals, they should.

ALSO: Does 'shadow IT' lurk in your company?

111714 security 3

Have a clear escalation plan when trouble is suspected

A major retailer had warnings there was trouble with a point of sale system, but the timing of the alerts coincided with critical shopping periods.  The staff that were concerned did not have the authority to take the systems offline and investigate, nor could they locate anyone with the authority. Subsequently, a disaster ensued. The problem could have been contained had someone acted when they first suspected trouble. Be sure your staff knows who has the authority to make the hard call at the first sign of trouble or give them the authority to do so themselves.

111714 security 4

Consider building additional fail-safe into your processes

The military is famous for redundancy when something irreversible is about to be set in motion. Two officers are required to activate a missile launch. If one officer isn’t certain, that officer does not enter their launch codes. Consider adding dual authentication to any updates being made to a critical system. A second “officer” must also authenticate and click on the install button.

111714 security 5

Be cautious and control what can be downloaded

Do not allow employees to install their own software. This can be accomplished by limiting admin rights on laptops, desktops, and servers. There are plenty of commercial products out there that do this very well and still allow the machine to run properly in a work environment. Don’t be influenced by the company size or number of employees.  The effort you spend helping manage company owned and connected devices is smaller than a breach recovery or the impact of a network infection. 

RELATED: 5 things you no longer need to do for mobile security

111714 security 6

Document and keep track of where any open source is used

Everyone thinks of a white list, but also have a proper request and vetting process for newly requested software products or applications to be installed. Track the open source components. Many software pieces are partially or fully based on open source code. If you don’t know where those components are, you won’t be able to assess your risk if a vulnerability is discovered later. 

ALSO Debunking the top open source myths

111714 security 7

Control how company equipment is used, even when it goes home

A corporation must control the Web browsing capabilities of its users inside and outside the premises when using company property. Web filters may not be popular with employees, but many compromised sites seem innocent enough. The only way to protect your network is to be strict about Web browsing, no exceptions. If someone wants to view the latest Internet fail they can do it on their own machine.

111714 security 8

Lock down browsers on take-home computers

Perhaps 90 percent of enterprises have Web filters on their corporate networks. Far fewer have client side Web filtering to restrict computer use when a laptop or tablet travels home and is connected to a private network. It’s not popular with employees, but it is your equipment.