What things would you do today to secure your network? The answers are myriad, but I would suggest these seven things:
- Use two-factor authentication.
- Encrypt all data, period.
- Segregate differing data onto separate networks.
- Follow the principle of least privilege (ensuring that users have the access they need to do their jobs and no more).
- Monitor network traffic to uncover unusual traffic patterns.
- Get the low hanging fruit: Update software, install security patches, remove non-approved software (and hardware) and make sure default settings aren’t creating vulnerabilities.
- Set employee policies that recognize the realities of the intentional and unintentional security threat posed by employees.
4/6/15: A bonus 8th item: ensure that your physical security is sufficient.
4/14/15: Regarding #6: According to Reuters, a soon-to-be released cybersecurity report by Verizon found that “while major new vulnerabilities such as Heartbleed are being used by hackers within hours of their announcement, more attacks last year exploited patchable vulnerabilities dating from 2007, 2010, 2011, 2012 and 2013.”