The topic of computer security is increasingly taking up column inches in the media, and it is an area of growing interest to individuals and companies. Internet users and site administrators are better informed than ever and they know increasing amounts about the various IT threats posed to their data and information systems.
But yet, the level of protection for each individual is not always sufficient when you look at the risks being taken! Net4All, a provider of managed services that specialises in computer security, wants to help Swiss companies to improve the security of their information systems. This is the only means in which a safer web can be achieved for everyone. This safeguarding process involves a number of projects – here are the main ones.
Data, a resource to be protected
Theft of data is one of the most popular attacks carried out by hackers. Data are monetizable, can be used as a ransom, and they have a major impact on businesses. It is therefore vital that you optimally protect your data.
The first thing you need to do is to encrypt your data. This means making your data unreadable by anyone who does not have the decryption key. So even if the data is stolen, it cannot be used by hackers. When exchanging sensitive data, it is crucial to use encrypted emails or secure sharing applications.
But that’s not all you need to do! You also need to use encryption, and therefore secure the connection between your server and your Internet users or clients. Using HTTPS – and the use of an SSL certificate – means you can demonstrate to your users that the connection is encrypted and therefore unreadable, thus making it secure. Your users can then send you their data in complete confidence.
Two additional good practices
As well as encryption, there are other best practices that can help you limit the damage in the event that an incident occurs.
- Data retention policy: determine what data is really useful for your business and then remove all unnecessary data from your databases. That way, there is one less thing for hackers and pirates to get their hands on!
- Data backup policy: store a backup of your data in a different system and in a different geographical area from that of your primary system. If there is then an accident or an attack, you can avoid the total loss of your data, which often goes hand-in-hand with a company ceasing to be active.
A system that is armoured on all sides
Data, however, is not the only sensitive component in a system. This is why security tests need to be regularly performed on platforms. Audits, internal or external penetration tests, etc. These will highlight the sensitive points and the vulnerabilities of the systems, allowing you to strengthen and protect them before hackers can exploit them.
Between these tests, technological watching must also be carried out. New vulnerabilities are discovered every day, making it vital to quickly apply security patches to the solutions that you use in your information system. This may seem obvious, but in actual fact, we still encounter serious issues…
Finally, don’t forget that the Internet is not the only way that someone can access your system! It is important to protect your Wi-Fi networks, internet connection, surveillance system… and secure physical access to buildings. You should also take note of what your suppliers are doing: in the USA, Tesco was compromised by its air conditioning supplier. Leave nothing to chance.
Make sure your employees are aware of good practices
Ultimately, you need to understand that your employees play an essential role in securing your information system. The majority of IT incidents are the result of preventable human error. You should therefore train your employees to recognise threats (including phishing and social engineering in general) and they should follow good security practices.
“Bring Your Own Device » might also pose a danger. It must be said that Switzerland is more advanced than its European counterparts on this subject and, according to the law, « the worker is responsible for any damage he causes to the employer, either intentionally or as the result of negligence ». However, you might well not want to take that risk! So you must therefore ensure that there is good supervision in place for this practice.
A good way to effectively secure your employees’ accounts is also to impose the use of strong passwords. This includes using uppercase, lowercase, special characters, numbers, etc. as well as “passphrase”, which reduces the risk of someone breaking your password!
Implementation of a global policy
These tips only form part of what can be put in place to protect your information system. Site security can only be thought of in terms integrating all of these dimensions (i.e. technical aspects and particularly human ones), and by have a thorough knowledge of the platforms. Beware also of making the mistake of superimposing independent layers on your system or using tools that are not linked: a security policy must be derived from a global policy and therefore be applied as such. One last piece of advice: don’t wait for an attack to happen before you pay attention to computer security… It sounds like a cliché, but nobody is safe!