In July 2015, Google released a paper comparing how security experts and non-experts try to stay secure. Non-experts rely on antivirus software, use strong passwords, visit only websites they know and don't share personal information. None of these are bad practices, but followed without an understanding of the underlying principles they amount to a cargo cult.
The experts' answers look deceptively simple: keep software updated, use unique passwords, use strong passwords, use a password manager and turn on two-factor authentication. All of these are easy to carry out on a single machine, but how do you scale them up to an enterprise?
Keeping your own computer secure is one thing. Managing tens, hundreds or thousands of computers is harder, but the same practices scale once you have the right tools.
Keep Your Software Updated
The best defense against most attackers is keeping all your software patched. Vendors and attackers are in a race to find vulnerabilities first, and once a fix ships, attackers study the patch to target the machines that have not installed it yet. That is why every machine should be as up to date as possible, and why the gap between a patch being released and being installed is what matters.
That is also why Windows 10 Home forces updates to install, which has not been a popular decision. Business editions can defer updates long enough to test that nothing breaks, but they still have to be installed eventually. The faster cadence in Windows 10, with frequent cumulative updates rather than a pile of individual patches, is an attempt to keep up.
Linux distributions have package managers, and Canonical sells Ubuntu business users a tool (Landscape) to synchronize updates across fleets of machines, but most businesses run Windows, and many will wait to move to Windows 10 until the bugs have been ironed out.
That makes third-party tools for managing software updates important, not least because Windows Update covers Microsoft's software but not the browsers, plugins and utilities installed alongside it. One option is Ninite Pro. While Ninite lets ordinary users download, install and update a range of popular applications, Ninite Pro lets businesses push those updates to large numbers of computers. Large organizations like NASA and Tupperware already rely on it.
For Microsoft's own updates, Windows Server Update Services (WSUS), a role on Windows Server, lets administrators download updates centrally, approve them per computer group (a pilot group first, then everyone) and roll them out to domain-joined desktops and servers.
Use Unique/Strong Passwords
You probably already know not to use the same password everywhere. In practice, though, it's not easy to use unique and strong passwords everywhere. Even the lowliest office worker has multiple logins to remember, so there's a lot of temptation to reuse passwords across accounts. Attackers know this: a password leaked from one site, through phishing or a breach somewhere unrelated, gets tried against every other account that user holds, and a single reused password can be the domino that brings down an entire organization.
According to Google's research cited earlier, using strong passwords was one of the few practices experts and non-experts had in common; what set the experts apart was also making them unique.
You can encourage good password use with anything from periodic reminders to employees up to a policy that forces users to change their passwords every so often. Be careful with forced rotation, though: users respond to it with predictable variations (Summer2015!, then Summer2015!2), and current guidance (NIST SP 800-63B) is to require a change only when a password is suspected to be compromised, and to spend the effort instead on a sensible minimum length and on screening new passwords against lists of known-breached ones.
Either way, users need help picking and keeping good passwords, which leads to…
Use a Password Manager
Using strong and unique passwords ranks up there with working smoke detectors as an essential practice, but it's hard to remember all of the passwords for the different accounts most people have. Smart users know when a tedious process can be automated, and password managers are a good example.
There are several tools that help users keep strong, unique passwords with a minimum of effort. The best known is LastPass. While LastPass is best known as a consumer application, the company also offers an enterprise version designed for large organizations. The manager generates a random password for each site, and the user only has to remember one master password. LastPass had a well-publicized breach earlier this year, but its design limits what a breach can expose: the vault is encrypted on the user's own machine with a key derived from the master password, and is only ever decrypted locally, so the service never sees plaintext passwords. The caveat is that a stolen vault is still only as strong as the master password. An attacker can run guesses against it offline, and the slow key-derivation function (PBKDF2 in LastPass's case) is the only thing that makes each guess expensive. A long, unique master password, and multi-factor authentication on the manager itself, are therefore not optional.
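To make the "decrypted only on the local machine" point concrete, here is an added example of a client-side-encrypted vault. It is illustrative code written for this page, not LastPass's format or code: the blob layout, the 600,000 PBKDF2 rounds and the mini-wordlist are assumptions, and the cipher is HMAC-SHA256 run in counter mode (a standard-library stand-in for the AES-GCM a real product would use). It shows that the sync server holds nothing useful, and that an attacker with the blob still gets in if the master password is guessable.

```python
import hashlib
import hmac
import json
import os
import secrets
import string
from typing import Dict, List, Optional, Tuple

# Illustrative vault format (assumed, not LastPass's real one).  600_000 PBKDF2
# rounds is an assumed default; the demo below passes a lower value to stay fast.
PBKDF2_ROUNDS = 600_000


def derive_keys(master_password: str, salt: bytes, rounds: int) -> Tuple[bytes, bytes]:
    """Stretch the master password into an encryption key and a MAC key.
    The round count is the only thing that makes each offline guess expensive."""
    km = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, rounds, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode.  Stdlib stand-in for a real
    AEAD such as AES-GCM, which a production vault should use instead."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(master_password: str, entries: Dict[str, str], rounds: int = PBKDF2_ROUNDS) -> dict:
    """Runs on the client.  The sync server only ever stores the returned blob."""
    salt, nonce = os.urandom(32), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt, rounds)
    plaintext = json.dumps(entries).encode()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()  # encrypt-then-MAC
    return {"salt": salt.hex(), "nonce": nonce.hex(), "rounds": rounds, "ct": ct.hex(), "tag": tag.hex()}


def decrypt_vault(master_password: str, blob: dict) -> Optional[Dict[str, str]]:
    """Runs on the client.  Returns None for a wrong password or a tampered blob,
    without revealing which."""
    salt, nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("salt", "nonce", "ct", "tag"))
    enc_key, mac_key = derive_keys(master_password, salt, blob["rounds"])
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct)))))


def generate_password(length: int = 20) -> str:
    """The manager's job: a random, unique password per site that nobody has to remember."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def offline_guess(blob: dict, candidates: List[str]) -> Optional[str]:
    """What an attacker holding a stolen blob does: guess the master password
    offline.  Each guess costs one full PBKDF2 run plus one MAC check."""
    for guess in candidates:
        if decrypt_vault(guess, blob) is not None:
            return guess
    return None


if __name__ == "__main__":
    entries = {"mail.example.com": generate_password(), "bank.example.com": generate_password()}
    blob = encrypt_vault("password123", entries, rounds=1000)  # weak master, low rounds for the demo
    wordlist = ["123456", "letmein", "qwerty", "password123"]  # constructed mini-wordlist
    print("stolen blob contains no plaintext:", "example.com" not in json.dumps(blob))
    print("weak master password recovered offline:", offline_guess(blob, wordlist))
```

The two print lines are the whole argument: the blob the server holds contains no site names or passwords, yet a four-word guess list recovers everything because the master password was weak. Raising the round count raises the attacker's cost per guess linearly, but a password in a wordlist is still found; only a long, unique master password changes the outcome.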
Use Multi-Factor Authentication
Multi-factor authentication limits the damage an attacker can do if a password does fall into the wrong hands. In addition to the password, the user must present a second, independent factor, usually a short code generated by a phone app or a hardware token. The most familiar everyday example is a debit card: swiping the card proves something you have, entering the PIN proves something you know.
The theory is that the factors are independent, so a phished or reused password on its own is not enough to log in. (A code sent by SMS is the weakest form, since phone numbers can be hijacked; app-generated or hardware-token codes are preferable.) Google Authenticator generates its codes with the standard time-based one-time password algorithm (TOTP, RFC 6238) from a secret shared with the service at enrollment, so it works with Google accounts and with any other service that implements the standard, LastPass among them.
Conclusion
Organizations face a lot of threats, but the practices experts follow on their own machines, prompt patching, unique passwords, a password manager and a second factor, all scale to the whole organization once the right tools are in place.