In the last 12 months, more data has been stolen by hacktivist organisations than by normal criminals.
Why is this significant?
What it shows, at the moment, is that being motivated by a cause is a better driver than being motivated by money or revenge. How can you, as a small or medium business or not-for-profit organisation, protect your business and organisation from being attacked? Some not-for-profit organisations could find themselves in the crosshairs of a hacktivist attack just by their cause alone.
1. Physical security
If your servers, routers and switches are under lock and key, then there is little chance that they can be restarted and accessed directly, for example through a console cable. Not only should server access be secure, but the BIOS settings of the server should be set to boot automatically from the hard drive. This protects the server and does not allow it to be accessed through system recovery tools located on CD, DVD or USB devices.
2. Remove all old and unnecessary data
In today's world, most data that is more than 4 years old is definitely obsolescent, if not obsolete. This data needs to be archived or destroyed. If there is a legal requirement for keeping the data, then make sure that it is protected as well as or better than the rest of the data. If there is no reason to keep it, then it should be destroyed. A good rule of thumb is that if a file has not been accessed in 18 – 24 months, then it should be archived or destroyed.
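One way to apply the 18 – 24 month rule of thumb, as an added example that is not part of the original article: the Python script below inventories a directory tree by how long ago each file was last used. The 30-day month, the bucket names and the choice to take the newer of access and modification time are assumptions made for this example.

```python
import os
import stat
import time

DAY = 86400
REVIEW_AFTER_DAYS = 18 * 30   # assumed reading of "18 months"
STALE_AFTER_DAYS = 24 * 30    # assumed reading of "24 months"


def bucket_for(age_days):
    """Classify a file by days since it was last read or written."""
    if age_days >= STALE_AFTER_DAYS:
        return "archive-or-destroy"
    if age_days >= REVIEW_AFTER_DAYS:
        return "review"
    return "keep"


def inventory(root, now=None):
    """Walk root and return {bucket: [(path, age_days), ...]}, oldest first.

    Age uses the newer of atime and mtime, because volumes mounted with
    noatime (or Windows with last-access updates off) never refresh atime.
    """
    now = time.time() if now is None else now
    report = {"keep": [], "review": [], "archive-or-destroy": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)            # do not follow symlinks
            except OSError:
                continue                       # unreadable entry: skip it
            if not stat.S_ISREG(st.st_mode):
                continue                       # regular files only
            last_used = max(st.st_atime, st.st_mtime)
            age_days = int((now - last_used) // DAY)
            report[bucket_for(age_days)].append((path, age_days))
    for entries in report.values():
        entries.sort(key=lambda e: e[1], reverse=True)
    return report


if __name__ == "__main__":
    import sys
    result = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for bucket in ("archive-or-destroy", "review"):
        for path, age in result[bucket]:
            print(f"{bucket}\t{age}d\t{path}")
```

The output is a review list only; check any legal retention requirement for each file before it is archived or destroyed.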
3. Check logs frequently
Before you create a process for checking logs, you have to set up a process for auditing and for understanding what needs to be logged. Once this is done, the logs need to be checked daily. Checking logs is only one component of logging; alerts also need to be set up. All critical data and access need to have alerts placed against them. This allows an immediate response whenever critical data or access is involved. Alerts allow the systems administrators to shut down or monitor system access and report break-ins in real time.
4. Use two-factor authentication where possible.
Some Internet banking access uses a dongle to create a second level of authentication for your bank account. To access your account, you need not only a user name and password but also a 5 – 8 digit number generated by the dongle and the bank. This is called two-factor authentication. VPN access to your network should include two-factor authentication where possible.
5. Remove access from remote systems and check for back doors.
pcAnywhere, VNC and RDP are all systems of access to your servers and business environment. The problem is that these systems are inherently insecure. Yes, you can use them, but I recommend that before making an RDP or VNC connection you connect to the business network through a VPN. This gives you the flexibility of remote desktop products with a higher security profile, and makes it harder for people and robots to access your network.
6. Warn security
If you have physical security in place – swipe cards and security personnel – train them to recognise a threat. If your business has a requirement for physical security, then make sure they have an understanding of their requirements.
7. Train your people.
This is huge in respect to keeping your business secure. Your users and staff are the ones who will notice something out of the ordinary when it comes to security breaches. The problem is that “that’s not my job” often gets in the way. Training your staff to understand that anything security related is everyone’s job will ensure a more secure business environment. “Be alert” is a good catchcry for most business organisations.
Although this is only a short list, it will give you a base for improving your business security. Good luck and “Be Alert”.