Providing a robust level of IT security involves surmounting two distinct challenges. Not only must IT support personnel deal with the current threats that exist in the known information security environment, they must also attempt to fend off other threats that are as of yet unknown. Sometimes these threats represent a new form of an old trick, a new virus, for example.
In other cases, an entirely new class of threats develops ‘under the radar screen’ such as the Trojan horse, which unlike the traditional computer virus, makes little effort to inject itself into additional files but instead is content to remain as a stealth program stealing information and transmitting it to cyber criminals for resale or nefarious use. Since not even IT security experts can predict with certainty what new forms of malware and delivery systems may be developed in the coming months and years, defending against the unknown represents a major challenge across the information security community.
What steps can small and medium-sized businesses take in order to protect themselves from this kind of rapidly evolving threat environment? Industry experts recommend a series of actions that will serve to hinder hackers and other cyber criminals in their efforts to penetrate a network and make use of the information they encounter inside it.
Scale down applications
One of the most important things that organizations can do is to scale down the number of different programs they have in use. Every program represents a potential security hole. The fastest way to close those holes is to uninstall every trace of programs that are not truly necessary to the organization.
Businesses should identify those applications that are mission-critical and think carefully about the need for all other programs. If employees are using more than one word processing interface, businesses should consider transitioning all workers onto a single one so that the other can be discarded.
Monitor applications more thoroughly
Any applications that remain should be monitored on a thorough and ongoing basis to make sure that they do not represent security vulnerabilities. This involves regular assessment of the programs and the timely application of patches and updates as they become available. This is best done with outsourced IT support in the form of a managed programs approach so that the organization will have specialists to rely on instead of in-house staff whose training may not be adequate.
Restrict administrator rights
A final helpful preventative measure against unknown threats is to limit the use of administrator privileges to special situations. Ordinary users should use credentials that do not automatically include administrator rights, since these are a key element frequently exploited by malware.