08:35 AM
Connect Directly

5 Cheap But Effective Tips To Improve Security

Periodically check for rogue wireless access points, plus four other simple, yet inexpensive, improvements you can implement to boost the security of your enterprise.

While a lot of security technologies come with impressive price tags, there are some fairly inexpensive things you can do to make your enterprise more secure.

We picked the brains of a handful of security experts and got their ideas for the five cheapest security changes that would have the most impact. We skipped the obvious choices, like creating more complicated passwords and not leaving the door to the building or the server room open. The experts gave us suggestions that ranged from using digital signatures on all sent e-mail, to what to not allow into the system, and what might be hidden in the office.

"There are things you can do to secure your network without it taking a hit on your budget," said Brian Dykstra, a senior partner with Jones, Rose, Dykstra & Associates, a computer security and training company. "One of the biggest mistakes people make is to think they can't afford to make any changes so they bury their heads in the sand. That almost always leads to a bad situation."

Here are five suggestions:

  • Periodically check for rogue wireless access points in corporate buildings.

    The problem here is that some companies don't have wireless access or they have restricted access, and some users will think they can sneak their own wireless access points in to make their lives a little easier. Maybe they want wireless from a conference room or from their desk. They set it up without IT's knowledge, or guidance, and they often leave it unsecured.

    That means a hacker who is targeting the company now has an open door into the network. "There's always rogue access," said Dykstra. "It's under the desk, or stuck behind a desk drawer. In any kind of large environment you go into, you'll find a couple of them. The IT managers will always say, 'Oh no, no. Not us.' And then you find the Linksys access setup."

  • Enable Windows Update on all computers..

    However, be sure to remember to verify that the systems actually are being patched, said Ken van Wyk, principal consultant with KRvW Associates.

    It's an easy step that will ensure that systems are patched as soon as possible, but Dykstra said it's "stunningly amazing" how many companies don't take advantage of it. "Whenever I'm teaching, people stop me and ask what they should do on their own computer to improve their security," he added. "I tell them to enable Windows Update. Let it automatically accept all [the patches] all the time. Your average non-IT person isn't going to make a smart choice about what patches they need."

    Another thing to keep in mind, though, is that not every computer will accept the patch update. Some glitch is going to shut down the update process before it's done and if the IT manager doesn't verify that it's gone through, an unpatched computer could put the whole network at risk.

    "Sometimes you'll go back and find out that there's a machine that always denies a patch," said Dykstra. "And here you thought you didn't have to think about this process, but this machine was actually never being updated. That's fairly common in a big environment."

    1 of 2
    Comment  | 
    Print  | 
    More Insights
  • The Business of Going Digital
    The Business of Going Digital
    Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
    Register for InformationWeek Newsletters
    White Papers
    Current Issue
    InformationWeek Tech Digest - August 27, 2014
    Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
    Flash Poll
    Twitter Feed
    InformationWeek Radio
    Archived InformationWeek Radio
    Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
    Sponsored Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.