June 8, 2018
In the early days of computing, cyber security was of little concern to most people. Hackers needed a tremendous knowledge of computers. They worked for weeks to quietly gain access to carefully selected machines only to leave a flag to celebrate their victory. But times have changed; the digital world is literally a battleground. Hacking tools designed specifically to take away any need for technical knowledge are readily available to anyone with an internet connection. A simple ‘auto-hack’ command can fire off a mass of exploits carrying crippling payloads out to every machine on a network. In our current digital landscape, having a constantly hardened digital security system is an absolute must.
Here at OPIE Software, we use a layered approach to protecting our network from this constant barrage. Hopefully some of what we do can provide you with a few tips and tricks to ensure you stay protected!
We have three main layers we focus on when considering security:
- The network perimeter,
- The machines in the network, and
- Our staff.
We use several different technologies and strategies on each layer to ensure we have the most protection we can get while still allowing our staff the freedom to do their jobs. For this article, we’ll discuss these from the inside out.
The Staff Layer
Your staff may be your greatest asset, but hackers will see them as your greatest weakness. In 2017, 77% of the attacks that successfully compromised businesses were ‘fileless’ attacks, which means they used systems such as macros in Excel documents that employees were tricked into opening. Ransomware alone cost businesses over 5 billion dollars in 2017. So how can you protect yourself from growing threats like these? It’s simple: knowledge sharing and security training. The more cautious employees are about attachments from unknown senders, the more protected your company is. And just because the sender looks like someone you know doesn’t mean that they really sent it. If in doubt, verify that they sent you a file before you open it. HIPAA requires yearly training so this is the perfect opportunity to talk about security and ransomware.
The Machine Layer
Moving outwards, we reach the machines themselves. On this layer, keeping an updated antivirus and operating system are your best protection. Security patches plug holes in your software that can be exploited to gain access to your machine or to run malicious code. You should always be running a software firewall, configured to only allow the minimum access necessary for your work. This firewall is usually part of the operating system or that may be part of a third party solution. Each machine on your network should also be running regular backups. Attacks like ransomware are extremely devastating because they have no remedy. Without backups, your only option to get your data back is to pay a ransom to someone that you know for a fact is unethical and hope they return your data. Throughout 2017, over 20% of businesses that got ransomware and paid the ransom got nothing in return for their payment. These backups should be tested regularly to ensure their viability .
System monitoring is also a must for servers. A good monitoring system can provide you with an early warning system in the event of a compromise and keep you alerted to any available updates for your operating system and relevant software. This monitoring should be sufficient to detect any activity outside of normal range. This may seem like a lot of work, and it is, but there is a silver lining to all of this; If you’re on OPIE Hosted, we do all of this and more on your server for you!
The Network Perimeter Layer
The final layer in a well secured network is the perimeter. A firewall appliance at your perimeter can both prevent attacks from ever entering your network in the first place and hide the machines in your network from attackers. Here at OPIE Software, we use multiple different perimeter security appliances. One of the most useful of these is a mail filtering appliance. An appliance like this is useful because it can stop fileless malware such as ransomware before it even reaches your users. While an appliance like this is no substitute for security training, its always a plus if you can reduce the risks entering your network. In addition to the mail filtering appliance, we have a hardware firewall that monitors all traffic and flags suspicious data for further inspection.
In the end, security is not just the job of your IT or security team, its everyone’s job. It’s a lot of work, and a constant never-ending burden, but sharing the load and relying on reputable third parties can make it bearable. At OPIE Software we always strive to do everything we can to help take some of that burden away from our clients and provide them with the training and support that they need. Stay safe out there!
Dennis has been working in server management and network security for over 10 years, and he’s still just as passionate and excited about IT as I was when he first started! At OPIE, he manages an incredibly talented team that keeps our internal and external servers and services running smoothly. Dennis supports a wide range of products and services to ensure that our development teams and support staff are always utilizing the most efficient tools for their jobs.