Your approach to internet security should begin with a risk assessment. If you don't know what threats are likely to be posed to your IT systems and networks, and their potential effects on your business should they occur, then you are not really in a position to put in place a series of measures to counter these threats.
An effective anti-virus solution is absolutely fundamental to the security of any computer network.
Equally, a firewall is one of the most basic security mechanisms and should form an integral part of your internet security defences.
However, anti-virus solutions and firewalls are only of value if they are regularly updated. The range and scale of internet-threats is constantly changing and in order to address these it is vital that you ensure your anti-virus software and firewalls are fully patched and up-to-date. Ideally this should be carried out automatically in background mode.
Authentication provides an effective means of ensuring that only the people you want to have access to your computer network are actually allowed to do so. There are a range of different levels of sophistication, so you need to select the authentication solution that is the most appropriate for the particular needs of your business.
Bear in mind the need to provide secure access for your remote workers. A security defence is only as strong as its weakest link and any remote weaknesses can, and will, be fully exploited by attackers.
Wireless technologies pose serious security threats unless they are effectively managed. Consider the use of encrypted VPNs to address these issues.
Encryption is a growing requirement, particularly with the number of laptops now containing confidential or sensitive information. Even if you are just starting to use encryption, you should look to develop a staged implementation based around a unified encryption management approach.
Spam can be managed effectively through the use of anti-spam solutions. Outsourcing spam management is an option but take account of your need for control and effective reporting, if you opt for this solution.
Unified threat management systems now provide a range of security solutions in an integrated product. Whilst these can offer significant cost savings, you should bear in mind that if anything goes wrong, you will lose all your security functions at once, so a failsafe arrangement with a spare device is recommended.
Penetration testing can be a useful means of checking how secure your corporate networks are and identifying points of potential weakness.
Finally, remember the ‘people' factor. No matter how good the technical countermeasures you put in place, your security will only be as good as the users tasked with making these work. So, ensure that they are aware of your security policies and committed to enforcing them, and reinforce this with top management support.
Ian Kilpatrick, the author, is chairman of Wick Hill Group plc, specialists in secure infrastructure solutions for ebusiness. Kilpatrick has been involved with the Group for over 30 years and is the moving force behind its dynamic growth. Wick Hill is an international organisation supplying most of the Times Top 1000 companies through a network of accredited resellers.
Kilpatrick has an in-depth experience of computing with a strong vision of the future in IT. He looks at computing from a business point-of-view and his approach reflects his philosophy that business benefits and ease-of-use are key factors in IT. He has had numerous articles published in the UK and oveseas press, as well as being a regular speaker at IT exhibitions.
CRN 2008 channel awards winnder of '
Channel Personality of the Year', he is never afraid to voice his opinions on all aspects of the industry and on IT security issues in particular. He has an in-depth experience of computing with an excellent understanding of the industry from the vendor, distributor, reseller and end user point-of-view.
He has a strong vision of the future in IT and IT security. His approach reflects his philosophy that business benefits and ease-of-use are key to successful infrastructure deployment.