Cyber Security Best Practices

By guest blogger Josh Tafoya, Global Distribution Manager

Cyber security. The term almost seems overused at this point, like something the news anchors throw around with little understanding because it sounds sophisticated. But cyber security is actually a big, important subject. Homeland Security’s cyber security website alone is a treasure trove of information for the curious. Of course, part of it is very broad, giving general information. But other parts are very specific, like the section on Securing Federal Networks. It’s all good reading. It’s very informative. But it really isn’t what I’m here to tell you about.

The cyber threats faced by the U.S. Government are different in many ways from those of your average Monitoring Center. While there may be nefarious persons bent on stealing your data, they will generally not be as many, nor as resourceful, as those that might wish to cause the U.S. Government harm. But they are out there. To assume you are not the target of cyber criminals, because of the size of your operation or the nature of your customer base, is just wrong. However, it doesn’t mean that you’re stupid. It doesn’t even mean that you don’t care. It just means that you don’t know enough about it.

Most of the people trying to gain access to your network are just trying randomly to see if there is easy access. They are trying anything and everything. They’re casting a wide net because all it takes is for them to set their computer to scan IP addresses on the internet, trying different connections. It can run unattended for hours…days…weeks…or months, or years. If they search for vulnerabilities by trying to connect to everything they can think of on the internet, eventually they will find one.

This is why you have firewalls on your network. Why you don’t allow open requests into your network. Why the only requests that make it through are encrypted and secured (like the SSL certificate that encrypts the connections to your BoldNet). This is the sentry at your gate. Make sure you have a firewall in place. Make sure it’s locked down. If individuals or groups are trying specifically to access your network, they may be willing to spend more time and energy, but a strong firewall will still make it much less appealing.

There are some other security measures to consider. Passwords are used on every type of computer system. It is the best practice for passwords to be a minimum of eight characters long with at least one uppercase letter and one lowercase letter, one numeral and one special character. Passwords should be changed often. This is especially important on your firewall, which faces the world. If you can avoid outside connections to your firewall completely, even better. An IT professional can and should employ cyber security best practices everywhere on your network. Changing passwords may not be any of our favorite tasks, but it keeps your data safe.

One last thing worth mentioning which you may not have considered is called Social Engineering. A remarkable number of data breaches happen because a call is placed by a cyber-criminal, who confidently says “Hi, this is Ted from IT. I need you to tell me your password so we can make sure it matches what is on the server.” Now, small monitoring centers – Mom and Pop, if you will – know right away that neither Mom nor Pop is “Ted from IT.” But a larger organization may not. Within a large enough organization, employees may not even know the names of the IT staff, or there may actually be somebody named Ted there. So don’t ever give out your password on the phone. Likewise, emails asking for similar information should go straight to the trash. If your IT professional has a security concern, they will understand if you find an email sketchy.

I could go on and on. A simple blog post could never cover enough information to adequately teach you about all cyber security best practices and prepare you to protect your network. So go educate yourself. Search around the internet. Learn more. Remember, if a website looks shady, the business, services, or advice should be questioned. Start with who you know… Microsoft, Cisco, Sonicwall, etc. are good starting places.

Be safe out there!