By Usman Choudhary, chief product officer, VIPRE Security Group
Vanishing budgets, reckless users, infected machines, unpatched software… This is what education IT admins are up against every day. How do you keep up? How do you ensure you’re meeting demands for the latest technology, while keeping students, faculty and staff productive, and your network secure – all while staying on budget?
Here are 10 security best practices to shore up your defenses:
Install Endpoint Security
Your best defense against the vast majority of malware is your endpoint security solution. Select one that performs strongly with independent tests such as AV-Comparatives. Look for advanced features that protect against prevalent threats like ransomware, and choose an endpoint security solution that offers protection at multiple attack points to defend against bad websites, phishing and spam, malicious URLs, zero-days and other online threats.
Restrict Administrator Rights
Only authorized, knowledgeable IT admins should have administrator rights to your PCs. While restricting rights may sometimes feel inconvenient, granting administrator rights to a broad user base is a major risk. To maintain the highest security standards, you must ensure that users cannot change critical settings, download and install whatever software programs they wish, or disable the security tools you’ve put in place. Fortunately, some malware is unable to execute and make malicious system changes if the user is logged in without admin rights, thus creating an additional layer of defense for users who may encounter malware.
Install and Update a Firewall
Whether it’s the Windows firewall or a third-party firewall application, be sure to install a firewall to defend against malicious network traffic. Firewalls monitor and control traffic in and out of your network. To protect users against downloading malicious content or to stop communication to harmful IP addresses, a firewall is a critical line of defense. Always keep it updated or it will start to miss threats.
Don’t ignore those prompts to update popular software applications used in your organization. In many cases, prompts to update Adobe, Java, Chrome, iTunes, Skype and others are to fix newly-discovered security vulnerabilities in those products. Cybercriminals exploit vulnerabilities to open a backdoor onto your systems so they can drop malware and infect your network. Implement an automated patch management solution to address this issue, or select an endpoint security solution with patch management included.