ITDMs have the most important job in any company: Making sure everyone else’s work doesn’t get corrupted, stolen, or deleted by some malicious outside actor, like rival businesses or nefarious hackers. You’ll find upwards of ten million articles on the web about how to secure your network and endpoints, but tips and tricks for ITDMs that actually make the process concrete are hard won.
It’s not that IT professionals need these sorts of things explained—but the simple fact is that most “hacks” are little more than an attacker checking your network against this list more thoroughly than you do. Even pros with a fantastic command of technical computer security can end up staring a security audit in the face with devices and networks full of blunders they haven’t patched.
You’ve got your days full of tasks big and small, and sometimes the most obvious is what can elude us. Here’s a quick list of some of the most important, maybe obvious, early steps in securing your business network.
1. Build a wall, then light it on fire
You need a firewall, that much is obvious—but what type? Next generation firewalls basically fall into three categories: hardware, software, and cloud-based. Hardware is the best for large or midsize and centrally located companies, while software tends to be the most economical option for smaller companies. Cloud-based Software as a Service (SaaS) solutions work for everyone, but they’re probably only necessary for companies with dispersed teams. Whichever type you choose, its configuration should include blocking pings—and don’t be afraid to make visitors get credentials before logging on, either. Weigh optimal security over convenience any day.
2. Get an immune system
Let’s face it: Employees are digitally filthy creatures, crawling with all sorts of digital bugs and parasites waiting to infect the pristine system you spent so long perfecting. The thing about viruses is that they only have to get a foothold—after that, they can work their way into the deep corners of the network, and methodically bypass the security measures they find. To prevent this, make sure your system is fully equipped with anti-spam and anti-spyware capabilities.
3. Be an annoyance to your coworkers
This is probably the most important bullet point yet: At the end of the day, the rules are only as good as the people who follow them. You need to get your entire company involved in a truly powerful security effort. No simple passwords. No guest logins. No connections from unregistered personal devices. Block some kinds of traffic, like peer-to-peer—it’s too risky, regardless of your company culture.
4. Change those settings
Armed with nothing more than a list of default router and firewall passwords, it’s possible to “hack” one’s way into an astonishing number of personal and small business networks. Don’t fall victim to the classic blunder of setting up the perfect firewall system, only to leave the username and password set to “Guest: Password.” Truly masterful IT security experts will set up each employee with their own username and password, so if any one person is compromised, their personal access can be cut off completely without affecting the entire company.
5. Stay up to date
We’re not trying to insult anybody here, but it’s shocking how many IT professionals have trouble keeping up with this dictum: Stick to the best and you’ll never get the worst. Drivers. Firmware. Version updates. You know what to do.
6. Pay attention to the little things
So, those are the basics. But there are tons of small tips you still need to implement. Here are some of the most important:
- Upgrade your operating system to 64-bit: 64-bit is newer than 32-bit, and that’s really all there is to it. It’s not so much that 64-bit operating systems are capable of more security (though they are), but that—since everyone had to re-write everything on them anyway—Microsoft and other OS makers decided that it was a perfect time to change their IT security demands. With 64-bit Windows you’ll get mandatory driver signing, randomized addresses, and more.
- Enforce full disk encryption: Company machines are always a point of contention. How much control does a person have over a computer they didn’t pay for, and don’t own? The answer: However much makes your network the most secure. In some cases, that means it’s necessary to saddle employees with fully encrypted device disks, especially if devices will leave the office.
- Use separate routers and access points: Many ISPs provide a wireless access point in every router—but these are notoriously insecure. Make sure there’s an independently secured access point.
- Set up honeypots and tar pits: Honeypots are essentially alarm systems that alert you to an attack, while a tar pit is an active security measure that slows those attacks down.
- Rename important things: This seems like it’s so simple that it can’t actually work. With the assumption that your security measures will be breached at least some of the time, rename your most sensitive accounts to have the most nondescript labels possible. It’s one thing for a hacker to get into your system; it’s another to know that your Administrator is C-010012, and not C-010011 or C-010013. Those are both honeypots, of course!
- No internet unless you need it: Not every machine truly requires the internet, IoT be damned. There are internal server requirements for basically every machine, but servers and administrative computers often have far less need to access the open internet in perpetuity. Lower the number of variables. Put the open internet to rest unless there’s a reason that a specific machine needs it.
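The honeypot and renaming tips above only pay off if someone is watching the decoy accounts. The following is an added example, not part of the original article: it scans authentication log lines and alerts on any attempt against the decoy labels C-010011 and C-010013, and on attempts against the real C-010012 from a source that has touched a decoy. The log format, the sample lines and the `scan` function are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Account labels taken from the article; which ones are decoys is site-specific config.
DECOY_ACCOUNTS = {"c-010011", "c-010013"}   # honeypots: nobody legitimate ever uses these
SENSITIVE_ACCOUNTS = {"c-010012"}           # the real, renamed Administrator

# Constructed log format for this example: "<timestamp> auth result=<OK|FAIL> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(\S+) auth result=(OK|FAIL) user=(\S+) src=(\S+)$")

SAMPLE_LOG = """\
2024-05-01T09:14:02Z auth result=OK user=jsmith src=192.0.2.10
2024-05-01T09:20:41Z auth result=FAIL user=C-010011 src=203.0.113.7
2024-05-01T09:20:44Z auth result=FAIL user=c-010012 src=203.0.113.7
2024-05-01T09:21:03Z auth result=FAIL user=C-010013 src=203.0.113.7
2024-05-01T09:30:00Z auth result=OK user=C-010012 src=192.0.2.20
corrupted line without fields
2024-05-01T10:02:19Z auth result=OK user=C-010013 src=198.51.100.23
"""

def scan(log_text):
    """Return (alerts, skipped): decoy-account hits and the count of unparseable lines."""
    alerts, skipped = [], 0
    tainted = set()                  # sources that have touched a decoy account
    pending = defaultdict(list)      # src -> earlier events on sensitive accounts
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        ts, result, user, src = m.groups()
        user = user.lower()          # account names compared case-insensitively
        if user in DECOY_ACCOUNTS:
            # Any attempt counts; a successful decoy logon means its secret leaked.
            sev = "critical" if result == "OK" else "high"
            alerts.append((sev, "decoy-touched", ts, user, src))
            if src not in tainted:
                tainted.add(src)
                # Re-examine what this source did to the real accounts earlier.
                alerts.extend(("high", "sensitive-from-tainted-src", t, u, src)
                              for t, u in pending.pop(src, []))
        elif user in SENSITIVE_ACCOUNTS:
            if src in tainted:
                alerts.append(("high", "sensitive-from-tainted-src", ts, user, src))
            else:
                pending[src].append((ts, user))
    return alerts, skipped
```

The administrator's own logon from 192.0.2.20 raises nothing, because that source never touched a decoy; the skipped-line count is worth monitoring too, since a sudden rise can mean the log format changed and the detector has gone blind.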
In the end, IT security isn’t as hard as it is tiring. A strong, secure network has more to do with maintenance than it does with setting up the network in the first place. Most ITDMs know to build a firewall—but it’s only the great ones who maintain that firewall correctly. Follow these tips and tricks for ITDMs, and you’ll be ready to protect your computers against anything.