Are You Really Secure?
Dealing with Security Nightmares in Broad Daylight

When you think about your security strategy, do you ask yourself if you've done enough? Have you covered all the bases? If you haven't, is there a work-around or some other risk-mitigation plan in place?

The need to deal with security threats never goes away. Whether it's responding to a new virus, upgrading firewalls, or installing antispyware software, there's always some threat that needs to be fixed, patched, or planned for.

While a company's IT systems may never be perfectly secure, IT managers should be able to identify and mitigate risks. Networking specialists understand the concept of setting a baseline: becoming familiar with what normal activity and thresholds are, so that when abnormal activity pops up or normal thresholds are exceeded, you can spot it.

Your choice is to keep working on improving your company's cybersecurity practices!

Spam is dangerous and costly for business.
It disrupts networks, cuts productivity, spreads viruses and is increasingly used by criminals who steal passwords to access confidential information. Private companies providing Internet access to employees or customers have obligations to:

  • Establish clear e-mail use guidelines.
  • Monitor the Internet for websites that copy their site in an attempt to steal customer data in phishing attacks.
  • Educate their customers about the potential for faked e-mail messages.

As much as 98% of bad messages get filtered out by antispam and antivirus software. But the few messages that wriggle past increasingly sophisticated filters constitute the greatest threats from the Internet.

IM is the new threat vector in messaging.
A piece of instant-messaging malware called Heartworm is targeting users of Microsoft's Windows Live Messenger service, masquerading as an e-card and delivering an executable that draws personal and financial information off PCs.

Until now, at least, users have had to click on an HTML link for an exploit to work. But security analysts fear that it is only a matter of time before an e-mail exploit becomes available that will be launched without any user interaction.

Firewall conversion and upgrades are necessary.
When it comes to firewalls, moving from one to another can be a daunting task, so many IT managers opt to stay with what they have because upgrading or going for rip-and-replace is too complicated. Some major firewall manufacturers have conversion tools that do 80 to 90% of the conversion between brand A and brand B, but you still need a clever person with their brain turned on to do the rest.

The best security approach is applied in layers. Here is a checklist to consider:

  • Protect your servers by hardening them.
  • Patching is perhaps the single most important thing you can do in a Windows environment.
  • Monitor event-log information and services running on each server.
  • Control access to resources and systems.
  • Install firewalls at each entry point.
  • Ban wireless from the network.
  • Desktops – Lock down or harden the operating system on desktops, and keep them all patched and protected with automated tools.
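
The baseline idea described earlier, applied to the event-log and service monitoring item in the checklist, can be sketched as follows. This is an added example, not taken from the sources this article was compiled from; the counts, the service list, the name UpdaterSvc and the median-plus-5×MAD threshold are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: hourly failed-logon counts recorded during a
# known-quiet period, and the services seen running on the server then.
BASELINE_COUNTS = [3, 5, 4, 6, 2, 5, 4, 3, 7, 4, 5, 6]
BASELINE_SERVICES = {"W32Time", "Dnscache", "EventLog", "LanmanServer"}


def build_threshold(counts, k=5.0):
    """Upper threshold = median + k * MAD (robust to a few noisy hours)."""
    med = median(counts)
    mad = median(abs(c - med) for c in counts)
    # Floor the spread at 1 so a perfectly flat baseline does not alert on +1.
    return med + k * max(mad, 1.0)


def check(observed_counts, observed_services, threshold, known_services):
    """Return (kind, detail) tuples for every deviation from the baseline."""
    findings = []
    for hour, count in enumerate(observed_counts):
        if count > threshold:
            findings.append(
                ("count_exceeded", f"hour {hour}: {count} > {threshold:g}"))
    # A service that was not in the baseline deserves a look...
    for svc in sorted(observed_services - known_services):
        findings.append(("new_service", svc))
    # ...and so does a baseline service that has stopped (e.g. logging).
    for svc in sorted(known_services - observed_services):
        findings.append(("missing_service", svc))
    return findings


if __name__ == "__main__":
    limit = build_threshold(BASELINE_COUNTS)
    # Constructed "today" observation: one noisy hour, one unknown service
    # (hypothetical name), and the event-log service no longer running.
    today_counts = [4, 6, 31, 5]
    today_services = (BASELINE_SERVICES - {"EventLog"}) | {"UpdaterSvc"}
    for kind, detail in check(today_counts, today_services,
                              limit, BASELINE_SERVICES):
        print(f"{kind:15} {detail}")
```

The baseline has to be rebuilt whenever a legitimate change is made, such as a newly installed service, or the report fills with known differences and stops being read.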

Technology is a small part of the security solution. People are the big part.

Compiled from a variety of Internet Sources