What is the best way to protect the President of the United States for the four (or eight) years he’s in the White House? Put him in a secure room where no one goes in and no one goes out.
Protecting your computers and network is the same. Make sure they are not connected to the Internet, do not attach any USB drives, don’t open email, do not download anything. Just keep them “off the grid” and, in fact, keep them sealed in a box.
Since these methods are impractical (if not downright silly), what can you do?
Chris Drake, founder and CEO of the web host FireHost, offers these very simple tips, covering two aspects: physical security and virtual security:
- Restrict physical access to servers, backups, and databases that contain confidential information. If you don’t have a lockable server cage available, keep them in an area with monitored access. At a minimum, store them in a locked closet or office.
- Back up your data so it will be available in the event of a fire, flood, or other unanticipated disaster. All backups should be encrypted. Never back up plaintext files by simply dragging and dropping them into a duplicate directory. (Read my Backup 101 article here.)
- Prohibit removable media such as external hard drives and USB thumb drives from being attached to servers that contain confidential data. Affordable software solutions are readily available to prevent Windows and Linux operating systems from recognizing removable disks.
- All network access points must reside behind a firewall. As an additional measure of protection, lock down the firewall and block traffic through ALL unnecessary ports.
- Establish user permissions based on the minimum amount of access necessary to fulfill job requirements, and ensure each user has their own individual credentials. You should not permit shared or group logins for any system, and it is extremely important that systems containing PII have the most restrictive and most clearly identifiable access points.
- Set passwords to expire routinely and require high standards for password composition. At minimum, strong passwords incorporate capital letters, numbers, and at least eight characters.
- Do not install software on your server unless it is absolutely necessary and it comes from a known vendor. Every piece of software you install carries its own security risk.
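To show what “block traffic through ALL unnecessary ports” looks like in practice, here is an added example (my own, not part of Chris Drake’s tips or FireHost’s code) that generates a default-deny nftables ruleset opening only the TCP ports you name. It assumes a Linux host with nftables; the port numbers are constructed examples.

```shell
#!/bin/sh
# Added example, not from the original post: emit a default-deny nftables
# ruleset that opens only the TCP ports given on the command line, so every
# unnecessary port is closed by the chain policy rather than one rule at a time.

gen_ruleset() {
    ports=""
    for p in "$@"; do
        # Accept only plain decimal port numbers in the range 1-65535.
        case "$p" in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        ports="${ports:+$ports, }$p"
    done
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        # Default deny: anything not matched by a rule below is dropped.
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
EOF
    # Only emit an accept rule when at least one port was requested.
    if [ -n "$ports" ]; then
        echo "        tcp dport { $ports } accept"
    fi
    cat <<EOF
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Example: gen_ruleset 22 443 > /etc/nftables.conf
# then syntax-check before loading with: nft -c -f /etc/nftables.conf
```

Every listening service not in the allowed list is unreachable from the network once this is loaded, so review the list against what the server actually needs to serve before applying it.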
If you’re reading this and you feel overwhelmed, don’t worry. Hire a local technology consultant to assist. Some options are here.