SECURITY

Security goes well beyond locks and passwords. Security has to be part of the culture of an organisation. Simple decisions make all the difference when it comes to protecting your data, and there are a myriad of ways that people can either destroy or capture your data without the right systems in place.

Usernames and Passwords

Depending on your network, usernames and passwords are the only things separating your data from prying eyes. This is one of the primary benefits of a server based network, centralising of data that is password protected and encrypted. Even without a server, Network Attached Storage (NAS) can provide security for your data by using usernames & passwords to protect access to your data, and encrypt the data on the drives so no one can access it if they steal the NAS.

Permissions and Access Levels

This should be determined before you actually start adding usernames and passwords to the network. This function of a server or a NAS gives the ability to have data securely managed at folder levels. For example, the financials folder will be accessible only by the accounting personnel, and not the sales or production staff. Each person can also have their own drive which no one else can see for personal or private files (photos etc) and this, like all other folders, can be given a quota so that they do not take all the storage space for movies or device backups.

APM Communications can assist with a folder schema for your organisation in consultation with you and your staff to determine how your organisation works and what needs you have.

Physical Security

The first line of defence! Another benefit of a server or a NAS is that it does not have to be located at a desk where someone sits, but can be located in a physically secure location on-site or off-site. In large organisations with on-site servers, there is a dedicated room with floor panels for cable access, climate control, and separate power circuits from the Main Distribution Board (MDB). This room is usually secured with a digital combination lock rather than a key in case of emergencies or theft.

In smaller organisations, this type of solution is overkill, but we can follow similar philosophies on a much smaller scale: 

  • have a separate area for the servers, switches and internet connection points

  • ideally, have them separated by a locked door and do not have them anywhere 'obvious'

  • try to ensure the room is relatively controlled from heat

  • try to separate the power circuit at the MDB

Anti-virus software

I use this term broadly as it is easy for people to identify with, but included in this is anti-malware software, Operating System updates and security fixes, service packs and internet browser updates. 

I cannot stress enough the importance of keeping all software up to date, and for anti-virus and anti-malware scans to be scheduled and performed regularly.

Many times I have seen desktops with out of date virus definitions. How is yours right now? There are many different software titles for security that can either be purchased or are free for basic use. Open source software is a great alternative for small businesses or home users that are price conscious. Some of the larger vendors have software that can be centrally managed with alerts that can go to an administrator.

Again, APM Communications can assess your needs and provide the best solution for you.

Backups

This really is a form of security, and also needs to be a consideration for security. I am not sure how you backup at the moment, but where is the backup tape or drive kept? Who has access to it? How do you transport it? Is it encrypted, or if I got hold of it, could I get hold of your data?

Make sure your backup policy is thorough: how often backups are done; what is backed up; restorations work and are checked often; what to do if a backup fails; responsibility and accountability for the system; software is appropriate and up to date.

Where to from here...?

When was the last time your network, no matter how simple, was audited? There are a number of considerations, but security has to be one of the top priorities. Even if just getting a policy and a culture in place is all that happens at first, getting clarity on what is needed, and working towards it, is the first step to a secure organisation. 

Call APM Communications today for a network audit and assessment. We will discuss critical areas that should be altered in the short term, and set a plan in place to rectify any other issues that we see could be causing issues in your network. Then, after determining your business goals, set a longer term plan to move forward with your IT infrastructure.