Data Protection Tips for New Network Administrators –

Data Protection Tips for New Network Administrators

One in five SMEs has experienced a security breach during the last year in the United States. That figure is even higher in some European countries. In Spain, that figure is one out of every four companies, according to the ‘Study on information security and business continuity in SMEs’, published by the National Institute of Communication Technologies (INTECO). In addition, according to another study by the same organization, eight out of ten computers are infected by malicious code.

The use of computers in SMEs is considerable, with a penetration of approximately 95% and a growth rate of almost 1% in recent years. Investment in information and communication technologies is necessary because it increases employee productivity, but it entails a series of costs associated with increased exposure to security breaches. However, as a result of the crisis, there are many companies that, in an attempt to reduce costs, are investing less and less in protecting their IT equipment, thus making the information stored on it more vulnerable. But is this expenditure really dispensable?

There are a lot of steps companies can use, such as using SD-WAN solutions by firms like Flexiwan. However, companies need to know why they need to make this investment in the first place.

According to Panda Security, a company based in Bilbao, Spain that is dedicated to IT security, there are three main reasons why SMEs in their country do not devote sufficient resources to IT security. The biggest reason is that it is expensive (33%). Another major reason is that it is not considered important (8% of companies gave this as a reason). Finally, 8% opposed it because a security system consumes a lot of virtual resources. The biggest problem continues to be the cost, but even so it is not an expense that should be dispensed without any consideration.

Practical tips for protecting a company from security threats

A report produced by Microsoft in 2009 outlined nine steps to implement IT security in your company. This report provides some very practical advice on the subject. According to the software giant, it is necessary to emphasize the need for a change of conception, which entails the use of switching from reactive to proactive measures in terms of security and explains a series of security tips that should be taken into account. These guidelines include the following:

  • Establish a security policy, which can be reflected in documents and forms the basis of a company’s security environment and define the responsibilities, security requirements and roles to be followed by employees.
  • Protect desktops and laptops from malicious code. Viruses, Trojans and, in general, any malicious software can infect our computers and make them vulnerable to any malicious third-party. The answer seems obvious, but is not always applied: install an antivirus and due to the speed with which information systems (including malware) advance, keep it conveniently updated.
  • E-mail and Internet access in general are often the biggest problems a company faces in terms of IT security. Even the best security aimed at external third-parties is not enough to prevent a company employee from installing (most likely unintentionally) a malicious application that ends up infecting other computers or possibly the company’s own servers. Applying a firewall or avoiding unwanted e-mail (spam) are some of the solutions to be taken into account.
  • In this sense, if our company works with computers connected in network, it is essential to protect it. Leaving a single person or a very small group of people in charge of managing this security is a good idea. Although expensive in principle, neglecting to do so can be much more costly in the long run. Using strong passwords for network access (not the typical “1234”), protecting the Wifi network, for example by hiding the SSID or using WPA2 encryption or configuring a firewall at the network level can be good solutions.
  • As soon as the servers are infected, the rest of the network is susceptible to infection. It is advisable to identify the websites and establish secure connections with our clients, if possible, by using web certificates. It is also highly advisable to keep physical servers in secure locations or with restricted access to avoid possible theft and prevent them from being vulnerable to physical catastrophes.
  • Keep data safe. Although this premise is quite obvious, unfortunately there are many occasions in which it is not followed. It is important to back up our systems periodically, encrypt confidential data or use uninterruptible power supplies (UPS) in case we use desktop computers.
  • Implementing an active directory facilitates both security and functionality tasks, centralizing the propagation of permissions to users and facilitating the structuring of information. It is convenient to have our database services updated.

You need to take adequate measures to keep your network safe. The guidelines listed above can be very helpful.