By Eric Payne, Sr. Security Architect

Guarding against threat of an attack from hackers starts with protection of technology platforms.

Security is a top focus for most companies. The playing field has been leveled — large or small, the same security risks apply to all. The bad guys don’t care who you are, where you come from, what industry you’re in or your social status. Hackers consider everyone equal opportunities to exploit.

Professionals in the technology industry are working overtime to deliver new solutions. Before we get caught up in what’s next, have you covered the basics? Have you closed the doors and windows and limited the number of keys you are handing out?

To a point, it is that simple. Technology advances so fast we often get caught up in keeping up and forget to maintain what we already have. An important thing to remember is the concept of defense: If you can reduce the size of your attack vector (the path or means by which a hacker can gain access to a computer or network), you reduce opportunities for your opponent to win.

Here are four approaches to take to improve the security of your technology platform. These are basic steps that should have been in place for some time. The reasons to do them might have changed, but they are still tried-and-true measures.

Do your users have an eye open for problems?

Users can be the easiest way for attackers to penetrate your perimeter. When users are properly trained and don’t instantly click every link, you will see significantly reduced security incidents. This reduces infections, data loss and even help-desk calls and IT support to clean up systems. Ultimately, user training can be the most important piece of the security puzzle. To grade your users, start with some baseline testing to see how your users react to phishing emails. Next, analyze the results to identify what training your users need. Ensure that the proper training is provided to and attended by users, and finally retest and measure the results.

Is your software patched?

Applications are buggy. When those bugs become exploitable by attackers, they are considered vulnerabilities. Maintaining regular patching schedules can be difficult but is extremely important to prevent attacks. Operating system vendors typically provide patches monthly. Patches don’t stop with the operating system. Every application that gets installed will need patching as well. Third-party applications are pushing patches more frequently as well, and they may not adhere to any sort of schedule, releasing either whenever it is convenient for them or when critical issues are fixed.

Do you have a backup?

Of course, you do. But the question is, what if you need to recover must-have data from your backup? Can it be done within a reasonable time frame to avoid significant business production and revenue loss? It’s not enough to say you perform backups anymore. We recommend a modern backup solution that utilizes the cloud and is managed. Make sure you test it and can restore within your determined recovery-time and recovery-point objectives.

Do you have unneeded software in your environment?

As previously noted, one of the best ways to protect your environment is to reduce your attack vector. This can be done by uninstalling unneeded software from your endpoints. Having software you don’t need creates an unneeded risk and, back to point No. 2, needs to be patched. Many users recently experienced a scare with an application called CCleaner. While CCleaner is a legitimate signed tool, hackers were able to break into the parent company and inject malware into the digitally signed software to attempt to compromise the networks of some of the largest technology companies. We understand that your business needs many third-party applications for a variety of reasons. The best course of action is to make sure you track them. Have a review process in place to identify and remove applications that are no longer needed. When you bring in new laptops, make sure you take off preloaded software the user doesn’t need. Proper management of software applications might seem like extra work, but in the long run, it will save you time by preventing the need for patches and, more important, preventing security breaches.

Security is a challenge. You can’t afford to ignore it or go it alone. If you have a security operation center or security engineers on staff, they probably have you covered. If you don’t have these resources at the ready, consider utilizing a security-managed services provider to help you get the job done. Once the basics are covered, a security-managed services provider will know the next steps to apply more advanced security services to your environment.