
WEAKEST LINK

We often think about IT security as the type of threat in front of our noses – spam emails, viruses, lost passwords and so on – and this means that we often protect our systems against threats to that security in a piecemeal fashion, installing different software or devices for each task, in each office, in each country…

A piecemeal approach to protecting IT gives the illusion of security. You have spent many hours and a lot of money on providing solutions to every problem you can see. Yet, on the other hand, you might have completely failed to identify every threat and forgotten that your organisation is only as secure as its weakest link.

The Weakest Link
Where might those weakest links be? Hackers are finding new vulnerabilities every day, so it’s vital to change your attitudes and gain a new resolve. Unless you systematically close any loopholes in your security, you are running your business with an unacceptable risk. By solving only the problems discovered last week, there’s no preparation for the problems that might arrive tomorrow: people tend to always look in the rear-view mirror. But the unpalatable truth is that the most dangerous threats to businesses are rarely the problems that everyone is aware of, but the threats that nobody has considered yet.

Identifying & Addressing The Weakest Links
We have put together a short list of steps you can take to identify and address possible weak links in your security & identity management.

1. Access Management
Mobility has dramatically improved the flexibility and productivity of our workforce, but with this comes inherent risk. For example, the global use of public hotspots for business almost doubled last year. Although you may have the security policies in place to give each employee access to only the information they need to see, is the same policy appropriate regardless of where they are and which network they are connecting over? We always recommend you review your system access policy from both an internal and external perspective.

2. Regular Third-Party Audit
Bringing in external expertise to perform a Security Audit is probably one of the most worthwhile steps you can take. Their external perspective, combined with specialist knowledge, will always uncover weaknesses that you never knew existed. However, a clean bill of health last year does not necessarily mean you are protected today. To be effective, this needs to be a regular occurrence. b2Lateral can help you here. We do the first audit free of charge and can then provide you with a regular service.

3. Finding & Applying Essential Patches
While the job of protecting a business against intruders is never complete, there are many invaluable systems that will protect a business automatically in real time. One example is patch and vulnerability management. This is not so much an option as an essential feature of any security policy in order to keep up to date. There are more than 120 new threats emerging each week. Most of those threats are quickly dealt with by the software and hardware vendors who supply free patches to secure their software. However, the workload of trying to identify the important threats, locating the patches, downloading and installing them is considerable. Furthermore, just one mistake – or one missed update – and any network is vulnerable to the newest threats, as hackers use automated systems to find even a single unprotected node on the network.

4. Go Automatic With Essential Patches
Applying essential patches is a job that is perfect for automation. Automated patch management systems download all of the software updates that servers, desktop systems and laptops need and install them automatically. Done manually, this is a laborious process where the human can become the weakest link and where errors can be very costly. By automating this process, you remove the risk of human error and ensure that you gain protection from threats you are yet to be aware of.

5. Avoid Attacks
A complete security policy should also include several ways to guard against new attacks. Managing email security at the server (or even before the email server, using dedicated hardware) to filter virus attacks, phishing emails, malicious content and spam is far more effective than expecting users to recognise every attack.

6. Effective Reporting
Effective reporting is also essential. While enterprise firewalls create security logs, few of those logs are analysed to give valuable information on how your security might be compromised in the future. This is useful data to have, if only to help prioritise further protection activity. The logs should be reviewed regularly and, most definitely, analysed as part of your security audit.

Security Matters
IT security has come a long way since the first computer virus was identified in the wild in 1982. Managing your security is a full-time job where your weakest link may be your downfall. Therefore, if you want to succeed in keeping your business secure and virtually faultless, it needs to be a focused activity; utilise all of the resources available to you and, most definitely, automate.

How Can b2Lateral Help?
b2Lateral can help you identify the risks faced by your organisation and point out your weakest links. We can also provide you with solutions to mitigate risk, simplify business governance, and ensure compliance throughout your organisation. We work with all of the leading Security & Identity Management providers so we can offer you the best advice and product-agnostic recommendations.

To find out more about how b2Lateral can help you or to register for your free Security Audit*, contact us on 0870 321 6565 or email us at info@b2lateral.net

*Terms and conditions for this audit will apply and are available upon request.

Copyright 2008 - b2Lateral Limited (Headquarters and main office) Centric House, First Floor, 390-391 Strand, London WC2R 0LT