Authentication & Authorization
Protect critical assets when providing network access to users working remotely and to third parties such as contractors and service providers. Use network-, system-, file-, and application-level access controls, and restrict access to authorized times and tasks as required. Also consider using data encryption and virtual private network technologies where they are required.
Monitor & Audit
Use appropriate monitoring, auditing, and inspection facilities, and assign responsibility for reporting, evaluating, and responding to system and network events and conditions. This means that you regularly use system and network monitoring tools and examine the results they produce; also use filtering and analysis tools, examine their results, and learn how to respond to events that warrant a response action. Make sure your employees know whom to contact when they notice suspicious behaviour. Advise your system administrators to stay up to date on the latest threats and attacks, and provide them with resources on solutions to these problems.
Physical Security
Physical security is as important as network security. It is one of the most frequently forgotten forms of security because the issues that physical security encompasses (the threats, practices, and protections available) are different for practically every site. The real danger in having a computer stolen isn't the loss of the system's hardware but the loss of the data that was stored on the computer's disks. As with legal files and financial records, if you don't have a backup, or if the backup is stolen with the computer, the data you have lost may well be irreplaceable. Even if you do have a backup, you will still need to spend valuable time setting up a replacement system. Finally, there is always the chance that the stolen information itself, or even the mere fact that information was stolen, will be used against you. There are several measures that you can take to protect your computer system against physical threats, and many of them will simultaneously protect the system from dangers posed by nature, outsiders, and inside saboteurs. We suggest that you use physical access controls (e.g., badges, biometrics, keys) where required. Use password-controlled electronic locks for workstations, servers, and laptops that engage upon login and after specified periods of inactivity. Control access to all your critical hardware assets (e.g., routers, firewalls, servers, mail hubs).
Continuity Planning and Disaster Recovery
Hopefully, by following the tips mentioned above, your systems or networks will never be stolen or damaged. But if that happens, you should have a plan for immediately securing temporary computer equipment and for loading your backups onto the new systems. This plan is known as disaster recovery. Establish a plan for rapidly acquiring new equipment in the event of theft, fire, or equipment failure, and test this plan by renting (or borrowing) a computer system and trying to restore your backups onto it, as mentioned before.