ZDNet has a post, written directly from the Gartner Symposium last week, called "Tipsheet: Information security on the cheap". In it they talk about simple, inexpensive measures that can be taken to improve security, and what they have to say is well worth the time spent reading it. Not everything we do needs to be expensive to be effective; take a look:
They say "An ounce of prevention is worth a pound of cure", but in today's digital world I would say the saying should be "An ounce of prevention is worth a ton of cure", meaning that just a little time spent in forethought and planning can save spending days and weeks in recovery when it comes to computer security.
These tips were culled from a presentation last week by Adam Hils, who gave a talk at the Gartner Symposium/ITxpo. The tips were targeted toward midmarket companies.
Security steps that’ll cost almost nothing:
* Evaluate the patch status of all production systems connected to general-purpose networks.
* Deploy standard configurations on your PCs and servers to reduce vulnerabilities and improve patch deployment success rates.
* Look for ways to standardize your PC environment by classifying users by their need to manage their own PCs. P.S. Locking down everyone doesn’t work.
* Negotiate more features with your desktop security vendor when you renew.
* Make sure you have anti-spyware and personal firewalls–and don’t pay for them.
* Block all attachments from outside except for those used in business (.zip, .doc, .xls, .pdf and .ppt).
* Limit administrator privileges to administrators.
* Don’t allow critical files (customer and employee records and intellectual property) to be printed or downloaded. Any exceptions should be documented and justified.
* Erase all data on the hard drive before recycling or throwing away a PC.
* Disable all inactive accounts.
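Two of the "almost nothing" items above, the attachment allow-list and the inactive-account sweep, are simple enough to script. The following is an added example, not code from ZDNet, Gartner or Adam Hils; the account records, the audit date and the 90-day and 14-day thresholds are constructed assumptions, and `usermod -L` is the standard Linux command for locking an account. Two practitioner caveats the tipsheet leaves implicit are built in: the extension check uses the final suffix and is case-insensitive, so "invoice.pdf.exe" is blocked while "REPORT.PDF" is allowed (an extension check still says nothing about content; .zip and Office files can carry hostile payloads), and accounts that have never logged in are only flagged after a grace period, since service accounts often never log in interactively and belong on the documented-exceptions list rather than in the disable queue.

```python
"""Zero-cost checks from the tipsheet as runnable code (added example, not
from the original post): an attachment extension allow-list and an
inactive-account audit over a constructed directory export."""
from datetime import date, timedelta

# Allow-list exactly as the tipsheet states it. Extension-only: no content
# inspection, so .zip/.doc/.xls/.ppt can still wrap hostile payloads.
ALLOWED_ATTACHMENT_EXTS = {".zip", ".doc", ".xls", ".pdf", ".ppt"}


def attachment_allowed(filename: str) -> bool:
    """True only if the FINAL extension is on the allow-list.

    Using the last suffix blocks double-extension tricks such as
    "invoice.pdf.exe"; lower-casing makes "REPORT.PDF" pass.
    A name with no extension, or ending in ".", is blocked.
    """
    name = filename.strip().lower()
    if "." not in name or name.endswith("."):
        return False
    ext = name[name.rfind("."):]
    return ext in ALLOWED_ATTACHMENT_EXTS


def stale_accounts(records, today, max_idle_days=90, never_used_grace_days=14):
    """Return sorted names of enabled accounts that look inactive.

    records: dicts with 'name', 'created' (date), 'last_login' (date or None
    if the account has never logged in) and 'enabled' (bool).
    An account is stale if its last login is older than max_idle_days, or if
    it has never logged in and was created more than never_used_grace_days
    ago. Already-disabled accounts are skipped.
    """
    idle_cutoff = today - timedelta(days=max_idle_days)
    never_cutoff = today - timedelta(days=never_used_grace_days)
    stale = []
    for r in records:
        if not r["enabled"]:
            continue
        last = r["last_login"]
        if last is None:
            if r["created"] <= never_cutoff:
                stale.append(r["name"])
        elif last <= idle_cutoff:
            stale.append(r["name"])
    return sorted(stale)


def disable_commands(names):
    """Turn the audit result into lock commands for an admin to review.
    usermod -L locks the password without deleting the account or its data."""
    return [f"usermod -L {n}" for n in names]


# Constructed sample export and audit date (assumptions, not real data).
AUDIT_DATE = date(2006, 10, 20)
SAMPLE_ACCOUNTS = [
    {"name": "alice", "created": date(2005, 1, 10),
     "last_login": date(2006, 10, 9), "enabled": True},
    {"name": "bob", "created": date(2005, 3, 2),
     "last_login": date(2006, 4, 1), "enabled": True},
    {"name": "contractor1", "created": date(2006, 9, 1),
     "last_login": None, "enabled": True},
    # Service account: never logs in interactively. It WILL be flagged, which
    # is the point: document it as an exception or it gets locked.
    {"name": "svc_backup", "created": date(2004, 6, 1),
     "last_login": None, "enabled": True},
    {"name": "olduser", "created": date(2003, 1, 1),
     "last_login": date(2004, 1, 1), "enabled": False},
]

if __name__ == "__main__":
    for f in ["report.pdf", "REPORT.PDF", "invoice.pdf.exe", "README"]:
        print(f"{f:20} allowed={attachment_allowed(f)}")
    stale = stale_accounts(SAMPLE_ACCOUNTS, AUDIT_DATE)
    print("stale:", stale)
    print("\n".join(disable_commands(stale)))
```

Run it as a script to see the flagged names and the lock commands; in practice the record list would come from your directory export and the commands would be reviewed against the documented exceptions before anyone runs them.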
Inexpensive security steps:
* Minimize benign data leakage by instructing employees of best practices.
* Change passwords on root and administrator accounts; review help desk and password resets.
* Restrict access to USB/removable media points where possible. Apply policy restrictions on others.
* Examine security practices for remote access.
* Block every port that your business does not require to be open.
* Use compliance as a rationale for more security funding.
* Narrow the vendor list. The fewer vendors you have, the more leverage you get.
* Consider security delivered through SaaS, all in one appliances, open source and thin client computing.
* Don’t spend money on things you don’t need. Examples include: Personal digital certificates, 500-page security policies, security awareness posters, biometrics and passive intrusion detection.
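"Block every port that your business does not require" has two halves: first find out what is actually listening, then write a default-deny rule set around the ports you keep. The following is an added example, not code from the original post or from Gartner; it parses the output format of `ss -ltn` on Linux (the sample below is constructed), treats `{22, 80, 443}` as an assumed required-port list, and emits standard `iptables` commands. Two things a practitioner wants that the one-line tip omits: loopback-only listeners are reported separately because they are not exposed to the network, and the generated rule set accepts ESTABLISHED/RELATED traffic before the policy is flipped to DROP, since a bare default-deny also drops the return half of your own outbound connections. Apply the rules from a console, not over the SSH session you are about to cut off.

```python
"""Listening-port inventory plus a default-deny iptables rule set (added
example, not from the original post). Input is ss -ltn style output."""

REQUIRED_PORTS = {22, 80, 443}      # assumption: what the business needs
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       80      *:3306               *:*
LISTEN  0       128     [::]:80              [::]:*
LISTEN  0       5       192.168.1.10:5900    0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (address, port) for every LISTEN line.

    The local address is the 4th column; rpartition on ':' copes with
    IPv6 forms like '[::]:80' and the wildcard '*:3306'.
    """
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        listeners.append((addr.strip("[]"), int(port)))
    return listeners


def unexpected_listeners(ss_output, required_ports=REQUIRED_PORTS):
    """Split non-required listeners into network-exposed and loopback-only.

    Exposed ones need closing (or adding to the required list with a
    documented reason); loopback-only ones are lower priority.
    """
    exposed, local_only = [], []
    for addr, port in parse_listeners(ss_output):
        if port in required_ports:
            continue
        (local_only if addr in LOOPBACK else exposed).append((addr, port))
    return sorted(exposed), sorted(local_only)


def default_deny_rules(required_ports):
    """Build an INPUT chain that allows only the required TCP ports.

    Order matters: accept rules go in first, and the DROP policy is set
    last, so there is no window where everything is dropped.
    """
    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port in sorted(required_ports):
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j ACCEPT")
    rules.append("iptables -P INPUT DROP")
    return rules


if __name__ == "__main__":
    exposed, local_only = unexpected_listeners(SAMPLE_SS_OUTPUT)
    print("exposed, not required:", exposed)
    print("loopback only, not required:", local_only)
    print("\n".join(default_deny_rules(REQUIRED_PORTS)))
```

On a real host, feed it the actual `ss -ltn` output, reconcile the "exposed" list with the business owners of those services, and only then generate and apply the rule set; the inventory step is what keeps a default-deny policy from becoming an outage.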