Most of the news stories recently about computer security relates to Internet hacking, but there is generally a root cause of all hacking, and it often comes from internal network policies. There are many elements involved with keeping your data secure, including: preventing social engineering, local security requirements, and user training. Some of the steps required to provide good network security are simple and they can keep you more secure than you think.
It is essential to provide proper controls over the IT infrastructure of a company. One way of accomplishing that is running a computer domain using Microsoft Active Directory (AD). An AD is a database of resource control that allows system administrators to manage computers, servers, printers and file shares on the network. It allows the IT professionals to limit access to the resources that the users need, rather than granting unlimited access. On networks with more than a few users, it is essential to run a domain for proper security.
Remembering passwords can be difficult, but it is important to require users to enter passwords to gain access to their computers and network resources. Passwords should be required to be complex and change periodically. Computers should automatically lock after a certain amount of inactivity. Users can also lock computers manually by pressing the Windows Key + L on the keyboard.
New users are usually created when the employee starts with the company, but often users are not removed after the employee leaves. It is important that the person responsible for the network is notified when an employee is fired or resigns. Periodic account audits, monthly, quarterly or yearly, depending on the amount of turnover in the company, is essential to make sure that computer resources aren't still open to former employees or vendors.
Network Resource Restriction
Not every user needs access to all the data on the network. Having one file location, such as 'public', is not a good security policy. Users should be limited to areas that they have responsibilities over, such as projects, human resources, accounting, executive, etc. Users should only be given access to areas that they need. Also, private user data should be stored on network servers in private user shares. That way the data can be easily backed up, rather than susceptible to hardware failure on individual PCs.
Internet Access Restriction
Not all users need full access to the Internet. Proxy servers can restrict access to users to only the websites required. This increases productivity and limits the ability for virus and spyware infection. Additionally, Internet usage can be filtered by antivirus protection using a gateway antivirus solution and intrusion prevention firewalls.
Policies and User Training
Your employee handbook should lay out policies on social media, Internet usage and an acceptable computer use policy. Review with your staff the policies periodically. Also, let your staff know which vendors should be granted access to the network so that hackers are not able to use social engineering to gain control over your network.
These procedures are easily implemented inside any size of company and go a long way at protecting your computer infrastructure from current and former employees, vendors, hackers and anyone else that may want to cause harm to your company.