As the EU National Cyber Security Awareness Month ends, we wanted to provide the top ten tips for everyday cyber security management.
Each day this week we’ll be providing a couple of top tips to help ensure that both internal and external company data remains secure.
All organizations can benefit from reviewing their information security. Start with your own policy. Does it reflect all of the issues explored in these posts? Has everyone in the organization read it and does everyone know where to find it? Is it continually updated to reflect new threats and activities? And, finally, do you have the right technologies in place to enforce your policy at all gateways in both directions?
Top Tip 1 - Policy, policy and policy
The best security starts with policy.
- Policy focuses attention – on the things you need to stop, the things you need to keep track of, and the things you’re happy to allow
- Policy drives up compliance – when everyone understands what’s acceptable, responsible use becomes the norm
- Policy enforces fairness – by making the rules clear to all
- Policy protects – by respecting regulations demanding due diligence
- Policy prevents – by adapting the content to suit the policy without stopping business processes.
Creating a sensible policy is not difficult. Make sure everyone understands and accepts the rules, and enforce the policy with technology at every gateway. Set up monitoring rules to detect possible misuse, and continually review the policy to stay current with changes in legal requirements and ways of doing business, for example, the way the web is used.
Clearswift SECURE Web Gateway products enforce your web security policy by filtering all web traffic in both directions. Traffic that breaches policy can be automatically blocked and reports and alerts generated.
Top Tip 2 - Fine tune the policy
When it comes to policy, one size does not fit all. An organization’s policy should reflect the way it does business. A music company, for instance, may allow the free exchange of digital audio files. Conversely, an engineering organization may block music downloads but allow the free flow of computer-aided design (CAD) files.
Even so, some policy rules are widely applicable:
- Block viruses
- Prevent and log spyware ‘call home’ activity
- Disable downloads of high-risk executable files and unauthorised ActiveX components
- Prohibit intolerant web content (such as racial or sexual discrimination)
- Restrict access to inappropriate sites (like pornographic pages and websites infected with malware)
- Prevent data leaks of known confidential and sensitive information
- Automatically remove critical information from communications that break security policy, to prevent data leaks while ensuring continuous collaboration.
With the basics sorted, it is sensible to tailor policy to fit the business. Certain departments or individuals may be afforded specific privileges or access rights, with other parts of the organization protected by wider policy rules.
An adaptable solution will give your organization’s policy flexibility. For example, you could allow certain activities during set periods: employees may be given controlled access to social-networking sites like Facebook over their lunch break. At the same time, it could be desirable to block uploading of certain content or file types, like spreadsheets or documents that contain critical information.
The point is that policy should dictate your technology, not the other way around. If your security solutions don’t allow the business to operate in the way you’d like, find better solutions.
Clearswift SECURE Web Gateway offers the best granular policy management in the industry. Clearswift pioneered policy-based content security and continues to lead the way.