7) Test, test, test. Testing is mandatory to ensure that security works as expected. This includes having trusted people (or third parties) attempt to hack into the system with a remote device and ensuring that authorized people can continue to access the network as desired.
8) Employ two-step authentication. For the best protection, this means more than a PIN and password. Typically, it's a combination of something a person knows (password) with something he has, like a token. Some 60 percent of Aventail installations include security tokens, Hopen says. If a company is small and has only a few people who need authorization, then it might want to consider using pre-shared keys. Larger enterprises should rely on tokens that change the keys on a predetermined basis. Hopen, for example, carries a token on a key chain that changes the key every 60 seconds.
9) Audit/monitor results. This is important not only from a security standpoint, but also for Sarbanes-Oxley compliance, Hopen points out.
10) Understand security is a continual process. IT leaders and all staff must realize that security is an ongoing process, not a one-time event. As Matthais notes, “You’re never done” when it comes to network security.