In today’s rumor-driven and data-hacking world, you can’t be too careful with your information. When discussing cybersecurity, there are two key areas that must be addressed: first, the physical hardware of your network; second, the personal and professional data stored on these machines. In both areas, we need to ensure that our security is as tight as possible in order to keep hackers out and customers protected.
We have created a list of 11 best practices from https://macledge.com/ to help you secure your data and hardware, with some recommendations on how to implement these solutions.
Physical Security
Physical security is the first line of defense when it comes to cybersecurity. Even if you have the best network in the world, hackers will always look for the weakest link in your defenses. What good is having high-tech security software if someone can simply walk up to your server room during business hours and plug something into it? Here are some ways that you can keep people from physically tampering with your equipment.
1. Secure The Doors: This may seem like a no-brainer at first, but many people do not take this step seriously enough. Make sure that your server room has a secure door that only keyholders can enter. Some businesses go so far as to house their server rooms in a different building from the rest of the company, so that if there is a break-in, it doesn’t spread to other parts of the building. Lock down your data network and server room and don’t let anyone in unless they absolutely need to be there.
2. Use Alarms: Some businesses use old-style alarms that will alert you if someone attempts to open your doors or windows, while others use newer motion sensors that can alert you via text message or email when someone enters or leaves a room. Even if you have an alarm system, make sure that the alarm is more than just an automated notification. You should also have a fire alarm system in place. If any of your servers or computers are ever damaged or destroyed, you want to be alerted as soon as possible, so that you can address the issue immediately.
3. Use Security Cameras: A good rule of thumb is that if you don’t know who’s coming in and out of your business, then leave a camera in every single room. This will help to catch anyone trying to break into your business and it will deter any criminal activity against it.
4. Train Employees: It is important to train your staff on what to do in case of a security breach. If you have a plan with clear instructions on how to act and who to contact, then it will be easy for staff to follow these procedures.
5. Add Security Updates: All software has bugs in it and companies are constantly releasing security updates to address them. As the owner, make sure that your staff is familiar with the current updates and how they apply to your network. If you don’t update regularly, you may be leaving yourself exposed.
6. Do Not Leave Keys In Your Server Room: Have a key-only code system where you will only release keys to people who have a need to have them, and then only when necessary. Have the appropriate process in place so that you don’t accidentally create extra access codes.
7. Always Change Passwords: It is wise to change the passwords for your central servers daily, especially if you are running a large network. If someone were to get hold of your login information, it would be much easier for them if they could use the same password over and over again. Make sure that each password is at least eight characters long and includes symbols, numbers, and both upper- and lower-case letters.
8. Know Who You Are Dealing With: If a technician comes into your network for the first time, be aware of what they are doing. If they have an ID badge that you can’t read or if you don’t remember seeing them before, ask to see their credentials before allowing them onto the network. Make sure that your staff is trained and ready to help customers with their IT issues, so that engineers can focus on making critical changes.
9. Change Default Passwords: Many people think about this after the fact. If a hacker gains access to just one piece of equipment in your network, then they can use it to create backdoors in all of your other machines and servers. Instead, change your default administrative and user accounts at the beginning of every year.
10. Disable Guest Users: If you are using a free software tool like OpenLDAP or Active Directory then it is wise to disable guest users. Give access only to staff members who need it, and only to the servers and networks that they need to be working on. It will also help to keep unauthorized people from trying to gain access to your network while doing routine things like checking email, accessing web pages, or downloading files from the Internet.
11. Encrypt Everything: Many people choose not to encrypt their hard drives because they believe that someone would still need access in order for them to receive the data when they send it. However, if a data thief were to gain access to just one file server in your company, they could use that machine to get access to the rest of your network. Make sure that you encrypt all of your drives so that no one can easily decrypt them and steal files.