Olofsen Security Consultancy

A security policy is a definition of what it means to be secure for a system, organization or other entity.

An IT Security Policy identifies the rules and procedures for all individuals accessing and using an organization's IT assets and resources.

For an organization, it addresses the constraints on the behavior of its members as well as the constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls.

Top 5 most important security policies to implement and monitor:

1) PASSWORD MANAGER
The average person simply cannot remember enough strong and unique passwords for all the sites that require a login. Most people compensate by creating weak passwords, reusing the same password across multiple sites, or storing passwords in a plain document. Stolen, reused, and weak passwords remain a leading cause of security breaches. A password manager generates long, random passwords for every site using a cryptographically secure generator and stores them encrypted, which keeps you safer than anything you could manage on your own.

2) MULTI-FACTOR AUTHENTICATION (MFA)
Traditional username and password logins are too easily compromised or used by impostors. Credential-stuffing tools need only seconds to test thousands of stolen sign-in credentials against popular online sites. If a username and password pair is reused, it is extremely likely to unlock other accounts as well. To make matters worse, there is already at least one known collection of 1.4 billion plain-text passwords circulating online. Since passwords alone are no longer good enough to protect your assets and data, the additional security layer provided by MFA is imperative.

3) REQUIRE EMPLOYEES TO USE A VIRTUAL PRIVATE NETWORK (VPN) ON ANY PUBLIC OR UNSECURED NETWORK
Public and unsecured networks are easy targets because they are not password protected and lack basic security measures. When users connect to unsecured WiFi, there is a high risk of exposing personal or sensitive data as it passes over the network's unencrypted connections, which makes intercepting and stealing that data quick and easy. If you have to be online to view or send business information, always use a trusted VPN to create an encrypted tunnel and secure your sessions.

4) ESTABLISH LAYERED SECURITY PERMISSIONS FOR DIFFERENT LEVELS OF ACCESS
People with access to multiple internal systems are targeted in phishing attacks because they often hold privileged access to critical systems, which could let an attacker reach an administrator machine. Empower the security team or network administrator to define different authorization levels. For instance, registered users may be able to access the few pages that pertain to them but not the wider network or more sensitive information. This may not stop a determined attacker, but it at least raises the bar of entry.

5) IMPLEMENT DNS AND FULL-PATH URL FILTERING TECHNOLOGIES
In addition to your anti-virus, spam filters, and other network protections, DNS and full-path URL filtering technologies are managed security features designed to keep you and the rest of your company safe from a wide range of online threats. Further, as the threat landscape evolves and single-use URLs become more prevalent in phishing and other malicious campaigns, an in-line detection solution that inspects each URL at the moment it is requested may be the only way to protect users from links that no static blocklist has seen before.
