Network security policies

Living in a digital world and being forced to work within networks, in offices or remotely, network securityhas to be taken seriously. Allow me to highlight a few areas for which you have to create security policies.

Every company’s network is made up of devices that transmit and store information. This can include internal and external systems, either company-owned or leased/rented/subscribed to.

To protect company data and reputation, it is essential to ensure that the network is secured from unauthorized access, data loss, malware infestations, and security breaches. This must be done via systematic end-to-end controls.

The IT department will be responsible for implementing, adhering to, and maintaining these controls. For the purposes of this document, “all devices” refers to workstations, laptops, servers, switches, routers, firewalls, mobile devices, and wireless access points. Where possible, these guidelines will apply to external remote systems and cloud services.

All devices should be configured using strong administrative controls, including complex passwords or SSL keys (which must be kept in a centralized password/key database that only the IT department can access). These passwords/keys must be rotated every 90 days or when an IT staff member has been terminated.

All devices should have only the access, services, and functions needed for them to function properly. Critical systems storing confidential data should be protected by firewalls with the bare minimum of ports opened only to those sources that should access them.

Security Response Policy

Good cyber and physical security can make or break companies. While it would be preferable that security breaches or incidents do not take place at all, they don’t necessarily signal the death knell of an organization unless responded to in a poor fashion (or not at all).

Companies with a complex security response policy, which identifies the appropriate steps to take in the wake of a security problem are much better aligned to survive the process intact.

The purpose of a Security Response Policy is to outline the security incident response processes which must be followed. It will identify and resolve information security incidents quickly and effectively, thus minimizing their business impact and reducing the risk of similar incidents recurring. It must include requirements for both end users and IT administrators.

All employees, whether full-time, part-time, contract workers, consultants, part-time staff, interns and temporary workers, and other personnel have to be covered by a Security Response Policy. It should also apply to all company-owned equipment, and employee-owned equipment used to conduct company business or material related thereto.

Perimeter Security Policy

As the saying goes, a chain is only as strong as its weakest link. This applies more than ever to cybersecurity implementations designed to protect organizations from malicious attacks, intruders and vulnerabilities.

While security principles should apply throughout the organization, locking down the perimeter and ensuring only necessary connections get through is an especially critical goal.

Whether traffic is going from outside to inside or vice versa, having a strong, comprehensive and reliable perimeter security policy is integral to securing organizational data and the employees who use it to do their jobs and conduct company business.

The purpose of such a policy is to provide guidelines for securing the organization’s network perimeter.

Mobile Device Security Policy

Mobile devices are commonly used to conduct company business which can render them more susceptible to risk than desktop or even laptop computers. Desktops are routinely stationary devices and laptops are harder to lose than smartphones or tablets, being more sizeable. In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops and laptops are just as applicable to mobile devices.

With this in mind, it’s important to establish and follow specific, comprehensive guidelines for securing mobile devices from loss, attack, or misuse.

I hope, these reminders of network security policies are helpful; should you need further assistance, contact me at [email protected]