What is the best way to protect the President of the United States
for the four (or eight) years he’s in the White House? Have him in a
secure room where no one goes in and no one goes out.
Protecting your computers and network is the same. Ensure nothing is
connected to the Internet, do not attach any USB drives, don’t open
email, do not download anything. Just keep it “off the grid” and, in
fact, keep it sealed in a box.
Since these methods are impractical (if not downright silly), what can you do?
Chris Drake, founder and CEO of web host FireHost, offers these very simple tips, based on two aspects: physical security and virtual security:
- Restrict physical access to servers, backups, and
databases that contain confidential information. If you don’t have a
lockable server cage available, keep them in an area with monitored
access. At a minimum, store them in a locked closet or office.
- your data so it will be available in the event of a fire, flood or
other unanticipated disaster. All backups should be encrypted. Never
back up plain text files by dragging/dropping them into a duplicate
directory. (read my Backup 101 article here)
- removable media such as external and USB-based thumb drives from
accessing servers that contain confidential data. There are affordable
software solutions readily available to prevent Windows and Linux
operating systems from recognizing removable disks.
- All network
access points must reside behind a firewall. As an additional measure
of protection, lock down and prevent traffic flow through ALL unnecessary
- Establish user permissions based on the minimum
amount of access necessary to fulfill job requirements, and ensure each
user has their own proprietary credentials. You should not permit
shared or group logins for any system, but it’s extremely important for
systems containing PII to have the most restrictive and identifiable
- Set passwords to expire routinely and
require high standards for password configuration. At minimum, strong
passwords incorporate capitalization, numerical elements, and eight
- Do not install software on your server
unless it’s absolutely necessary and it’s from a known vendor. Every
piece of software you install carries its own security risk.
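
One way to check the two account tips above (no shared logins, passwords that expire) on a Linux server, as an added example that is not part of the original article. The account entries are constructed sample data in `/etc/passwd` and `/etc/shadow` format, and the 90-day limit is an assumed policy value. Duplicate UIDs are only one form of shared login; several people using one account's password will not show up here.

```python
# Added example: audit account data for shared identities and
# passwords that never expire. Sample data is constructed, not real.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
ops:x:1002:1002:Shared ops login:/home/ops:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$constructed$hash:19000:0:90:7:::
alice:$6$constructed$hash:19000:0:90:7:::
bob:$6$constructed$hash:19000:0:99999:7:::
ops:$6$constructed$hash:19000:0::7:::
backup:*:19000:0:99999:7:::
"""
MAX_AGE_DAYS = 90  # assumed policy: passwords must expire within 90 days


def shared_uids(passwd_text):
    """Return {uid: [names]} for UIDs used by more than one login name."""
    by_uid = {}
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid = line.split(":")[:3]
        by_uid.setdefault(int(uid), []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def non_expiring(shadow_text, max_age=MAX_AGE_DAYS):
    """Return names whose password can be used but expires too late or never."""
    flagged = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5:
            continue
        name, pw_hash, max_days = fields[0], fields[1], fields[4]
        if pw_hash.startswith(("!", "*")):
            continue  # locked account: no password login to expire
        # An empty maximum-age field means the password never expires.
        if max_days == "" or int(max_days) > max_age:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("Shared UIDs:", shared_uids(PASSWD))
    print("Weak or missing expiry:", non_expiring(SHADOW))
```

On a real server, feed the functions the contents of `/etc/passwd` and `/etc/shadow` (the latter needs root to read) instead of the sample strings.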
If you’re reading this and you feel overwhelmed, don’t worry. Hire a local technology consultant to assist. Some options are here.