Trustaira Blog
January 11, 2017        Trustaira Staff


Coporate Security Best Practices

In the previous article, we talked about some major corporate security risks and their solutions. In this article, we are focusing on corporate security best practices. There are many; but like stated before, we will talk mostly about those which are applicable from our country’s perspective.

1. Encryption

Encryption is a process of securing data, information, and device in a way to prevent being accessed by untrusted third party. To decrypt the information or device, encryption key is essential.

Consider all the possible security risks and the possible huge impact on your organization as the result of a successful attack. To remain secure from this, encryption of your data is necessary. Even in the aftermath of a successful attack, attackers won’t be able access or read your data, provided that device is encrypted properly.

2. Removable Media Policy

No removable media policy? Oh well. You have plenty to worry!

Removable media such as DVD, CD, memory card or flash drive are primary source of information theft. They can also be used as the source point of malware introduction to a system or network. Potential damages also include reputational damage and financial loss.

To deal with these risks, a proper corporate security policy is required. Limiting the usage of removal devices and scanning all devices for detecting malware can also be effective on preventing potential attacks. A quick Google search on the phrase “Removable Media Policy” will show you the importance of this practice in the corporate world.

3. Usage of Digital Certificates

Digital certificate can be defined as digital form of identification. It does the similar job of a national ID or passport in the digital world that is to provide information or authenticity of a person or an organization. It also helps to exchange information and data securely over the internet with the help of PKI (public key infrastructure).

Among many other things, a digital certificate can contain certificate holder name, serial number, validity period, algorithm identifier and signature of the certificate issuing authority. It is highly advisable to use digital signature in every possible scope to ensure corporate security; starting from signing into your websites to sending messages or email to others.

4. Keeping System Logs

Think system log file as a journal. Its keeps track everything going on in a machine or a network. From a successful installation of a new software to an unsuccessful attempts of login to a system. It keeps record of everything. So as you can see, it becomes invaluable on the eve of a successful attack. In the best case scenario, after a failed attempt of an attack it can be handy. It provides detailed information about how and when the attack happened. Sometimes it also helps to track down the attacker. So, it is essential your organization keep track of at least one year old systems logging history.

5. Provide Necessary Education and Training of Users

Make sure to organize regular workshops to raise awareness about corporate security threats

No amount of corporate policy will be able to stop security attacks if the users are not prepared well enough. If users do not know the possible risks of clicking any link or banner that may appear on websites, or if they keep on giving information about their corporate environment every time someone or some web form asks them to, then unfortunately no software or hardware solution will be enough to prevent cyber-attacks. So educating users about security risks and how they should behave on social platforms is very important. Only one seminar per year on security awareness certainly won’t do it, if that’s what you are planning. You will need to keep them constantly up-to date with latest security news, alert, attack trends, attack techniques to avoid it.

6. Implementing Least Privilege Principle

While this concept doesn’t get enough importance or attention, it is crucial that you apply this principle on your respective corporate environment. Least privilege principle makes sure that a user or system avails only the absolute necessary control/privileges that the person needs to do any particular job. Giving unnecessary higher access control to anyone can lead to many complications. One of the most occurring attack for ignoring this principle is, privilege escalation. According to Wikipedia-

Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

When a certain user, system or application is granted unnecessary excessive privileges, this happens.

Before concluding, I would like to emphasize on the matter of maintaining regular updates on security patches.It is essential for your organization to keep software and hardware up to date with latest updates, patches, virus definitions, anti-malware signatures and vice versa.

That’s it for today.

Subscribe to our newsletter to stay up-to date on latest security news, threats, tips and many more.

Don’t forget to share it.

Take Care. Bye.