Principles to Ensure Good Enterprise System Security Architecture
“Employees will be company’s biggest threat” according to Experian. Data can be breached and companies can lose massive amounts of information in a matter of minutes. A good security system for your site can stop or limit the amount of damage hackers can do. Do not wait until your system is hacked, be proactive and setup your security system now. The following are a few principles to follow that will ensure your site will be better protected.
Secure the Weakest Area
Start with the weak spot in your system because if there is a weak point, hackers will find it. Even if it is not a security function or features, hackers will still go after this part because it is a weak area and it still links to your system. Once hackers are in, it only takes a few manoeuvres until they get the information they want.
UK police forces had 2,315 data breaches in 5 years, Do not use just one security or detection system, such as a firewall. Use a combination of a few, such as the firewall combined with an intrusion detection system. If one layer fails, the next layer will prevent your system from being breached. Just recently, the file containing the information of 112,000 French police officers and their families, did not use strong protection – just a simple password.
Give as Little Permission as Possible
According to Cisco “44 percent of employees share work devices with others without supervision”. There are times when you have to give other people permission to use something, whether it is a process or an application. When giving permission to someone else, make sure it is as little as possible, such as just enough to get their job done. For example, if they need access to your Outlook contacts, give them access but don’t allow them to edit these contacts.
Assume Nothing is Safe
A hacker will find out as much as possible about your system as they can, especially if secrets are stored in your code. The attacker may use everything from decompilers to disassemblers to analysis tools. Be prepared for this and use the necessary tools in your system to stop these attempts. The largest healthcare cyber breach in history, Anthem’s 80 million names, had been unencrypted internally.
Security Should be Usable
If your security system is too complicated or users can’t figure it out, they are going to find a way around it. Make sure your system is as secure as it needs to be, but not too complicated. Furthermore, make sure the system is still user friendly.
Keep Privacy in Mind
Privacy is on the forefront of everyone’s concerns nowadays, so keep this in mind when you have a security system. Users want their information private. If you do collect and store information, is it secure? Can it easily be hacked? What is the reason for collecting the information? It is a good idea to think about these things beforehand so you know the answers if and when questions arise.
Follow these principles to ensure a good security system in your enterprise. By having multiple layers and protecting your information as much as possible, hackers will be less likely to breach your data and gain access to important documents. Furthermore, keep your privacy as well as the privacy of your employees in mind so they are protected as well.
Wilson is a Tech Guru and Security Specialist at The PC Doctor – Australia’s Number 1 Computer Support company.
See GateKeeper Enterprise in action
Take a self-guided tour of GateKeeper Enterprise, the proximity-based centralized access control for secure identity and access management.