3. Delete employee account when this person leaves the company
Infringement of security will be easier when attackers take advantage of information from within the company itself. Therefore, it is necessary to delete the user's account when they no longer work at the company even if the person leaves the company in any way.
4. Review security records
A good administrator must read and review the system's daily log. Because security log is the first line of defense to record the time of logging in and out of the user's network.
For example, when reviewing the security log of a Windows operating system server, the administrator reviews 529 events (error log - not knowing the username or password incorrectly). That said, the administrator needs to determine if this valid user has forgotten the password or that the attacker is trying to access the system.
Logs in the Windows security section are somewhat confusing, but there is a website that defines almost every event recorded in the log.
5. Scan the network regularly
Regular network scanning will help administrators know if any devices are installed on the network and installed at any time.
One way to scan the network is to use a net view command available in Microsoft's operating system or using free programs like NetView
6. Monitor network traffic externally
Today, malicious code or computer worms have become more sophisticated and difficult to detect. One way to detect them is to monitor network traffic externally. The suspicion will increase when the number of outbound connections or total traffic surges from normal levels. From this tracking it can be detected signs of stolen information or the email engine is attacked by spam.
Most current firewall applications can dodge traffic outside and often give the message as shown below:
7. Fix and update regularly
Keeping your operating system and application software up to date is the best way to avoid bad guys taking advantage of vulnerabilities in software to attack the system. It's simple if the operating system and applications have no vulnerabilities, the bad guys won't be able to find the way to the system.
Using products such as Microsoft Baseline Security Analyzer or one of Secunia products is the most effective way to make sure your computer is secured. Therefore, users should update all necessary patches.
8. Make a good security plan
Depending on the size of the company, we should have a reasonable security plan. A reasonable security plan is really invaluable because everyone in the company can work continuously without being interrupted by the attacks and is a safe solution to help users less worry.
Security plans should follow what the business needs. In order to set up a company's security plan, administrators need to know where the data is stored, how many employees store information and how to make an exchange between internal and external information for planning. Best security. Users can learn more about Microsoft and NIST's security plans.
9. Increasing understanding for users about information security
Training to increase the knowledge and awareness of security issues for users is essential. This will contribute to increasing the performance of employees in the corporate environment. From a sense of security, employees will know how to protect themselves and prevent attacks from online attacks.
10. Problems for higher management levels
Requiring a higher level of management to make security policies and equip the necessary security technology for the system is really difficult. And if they have management approval, they don't think that security policy should apply to themselves. Moreover, changing the regular senior manager can happen in the company. Therefore, when changing managers need to review the information security issues in the company.
The above are 10 very simple solutions that people can perform as well as help users realize the habits of using computers which will create vulnerabilities for criminals who are easy to exploit.