By Usman Choudhary, chief product officer, VIPRE Security Group
Vanishing budgets, reckless users, infected machines, unpatched software… This is what education IT admins are up against every day. How do you keep up? How do you ensure you’re meeting demands for the latest technology, while keeping students, faculty and staff productive, and your network secure – all while staying on budget?
Here are 10 security best practices to shore up your defenses:
Install Endpoint Security
Your best defense against the vast majority of malware is your endpoint security solution. Select one that performs strongly with independent tests such as AV-Comparatives. Look for advanced features that protect against prevalent threats like ransomware, and choose an endpoint security solution that offers protection at multiple attack points to defend against bad websites, phishing and spam, malicious URLs, zero-days and other online threats.
Restrict Administrator Rights
Only authorized, knowledgeable IT admins should have administrator rights to your PCs. While restricting rights may sometimes feel inconvenient, granting administrator rights to a broad user base is a major risk. To maintain the highest security standards, you must ensure that users cannot change critical settings, download and install whatever software programs they wish, or disable the security tools you’ve put in place. Fortunately, some malware is unable to execute and make malicious system changes if the user is logged in without admin rights, thus creating an additional layer of defense for users who may encounter malware.
Install and Update a Firewall
Whether it’s the Windows firewall or a third-party firewall application, be sure to install a firewall to defend against malicious network traffic. Firewalls monitor and control traffic in and out of your network. To protect users against downloading malicious content or to stop communication to harmful IP addresses, a firewall is a critical line of defense. Always keep it updated or it will start to miss threats.
Don’t ignore those prompts to update popular software applications used in your organization. In many cases, prompts to update Adobe, Java, Chrome, iTunes, Skype and others are to fix newly-discovered security vulnerabilities in those products. Cybercriminals exploit vulnerabilities to open a backdoor onto your systems so they can drop malware and infect your network. Implement an automated patch management solution to address this issue, or select an endpoint security solution with patch management included.
Enforce Password Policies
Users may view password updates as a chore, but password implementation and enforcement are a must. Require strong passwords or passphrases to maximize effectiveness, implement regular updates and instruct users not to share them.
All computing devices, including laptops, tablets and smartphones, have screen-locking features for security purposes. Be sure to enforce a short lockscreen timeout as added protection, especially in environments where users can walk away from workstations without logging off.
Secure Wi-Fi Routers
Wireless routers and networks are notoriously easy to break into, so take extra precautions in securing them. Change the network names and passwords that come with each router, and don’t forget to activate its encryption capabilities. Use a separate Wi-Fi network for business guests. Also consider not broadcasting your network ID for added protection against hackers trying to discover and access your network.
Secure Your Browsers
Configure web browsers to avoid inadvertent malware downloads by users. Steps to take include disabling pop-up windows (which can contain malicious code) and using web filters that warn you of potential malware attacks and harmful sites. You should also pay attention to browser privacy settings to prevent any private information from being siphoned by fraudsters and cyber thieves.
Additional steps include limiting your users’ ability to install browser plug-ins, possibly disabling vulnerable applications like Adobe Flash, and always ensuring you’re using current and fully-patched browsers when possible.
Many machines come with built-in encryption, both at the disk and file levels. Take advantage of each device’s encryption capabilities to prevent data from getting into the wrong hands when laptops, external hard drives, USB drives and other mobile devices are lost or stolen.
Train and Recruit Your Users
Security isn’t successful in a vacuum—your users can be your biggest liability or your greatest asset. Engage with your users and educate them on security best practices, and why they are so important. Train them to spot threats or unusual activity, such as malicious phishing attacks or strange PC behavior, and to immediately alert your IT team.