Just as I was scrolling down my favorite blogs the other day, an article by Matt Friedman for Networking Pipeline popped up. In essence, Friedman advocated to think ahead and figure out just how safe your computer network is. Once you have an idea about your level of vulnerability towards viruses, worms and hackers bent on doing harm to your network, you can implement an appropriate solution.
According to Friedman, “every great journey begins with a single step, and even if you only have ten minutes to devote to the project, you can still use that time to get the security ball rolling. “I think the key is not to think about securing your network in ten minutes,” says Jason Hilling, Director of Managed Security Services Product Management at Internet Security Systems, “but to get the whole process started in those ten minutes.” Here are some of Friedman’s key points:
- Evaluate your security policy: “Every organization needs some kind of security policy, but it is often surprising how many do not. The problem, of course, is that network security is often perceived as a technological problem that you can throw money and gadgets at to make better. If things were that simple, then worms and hackers would be a thing of the past.”
- Vulnerability Management: “One of the most important things you can do when you have limited time is to find out where you are vulnerable,” Hilling says. “To a certain extent, everything follows from this.”
- Patch management: “Once you have the process in place to identify vulnerabilities, you then have to ask how you are going to patch them,” Hilling says. “Patching can be the most important thing you can do.”
I might add: if you don’t know how to do this, let an expert take a look at your network and teach you the basics of patch management. It doesn’t have to cost a lot, but will serve you well.
- Get informed: The best way to stay on top of security vulnerabilities, of course, is to make sure you know about them before they bit you in the tender parts. That means taking the time to scan the latest warnings and maybe even reading your favorite networking or security websites over coffee. It doesn’t take long to stay informed once you are informed but, as with everything else, you have to take the time to start the process.
“There are a lot of solutions that can bring security intelligence to you,” Hilling says. “If you don’t have the time to address security yourself, any good managed service provider will deliver intelligence to its customers about what’s out there.”
- Go shopping: Even if security is not strictly a technology issue, you need technology to secure your network. It’s probably not a good idea to drop $10,000 on intrusion prevention systems and firewalls in ten minutes — and the board of directors would have your head if you did — but it only takes a few minutes to see what what’s out there.