Ten Best Information Security Practices

Security tips that apply in both the corporate and the home environment

1. Data Encryption: Data stored on internal and (especially) external disks, system files, and any remote access or information exchange with the company must be encrypted. Encryption is essential to protect sensitive data and helps prevent data loss due to theft or loss of equipment. Remember: information is the company's most valuable asset; in addition, encryption today is cheaper and more commonplace than you might think.

2. Use digital certificates to sign all your sites: Keep your certificates on devices such as routers or load balancers rather than on the web servers themselves, as much of the market traditionally still does. Always obtain certificates from trusted authorities.

3. Implement DLP (Data Loss Prevention) and auditing: Use data loss prevention and file auditing to monitor, alert on, identify, and block the flow of data inside and outside your network. Some security suites already have this feature natively; the challenge is to break the paradigm, or even the resistance, to using it.

4. Implement a “strict” policy for removable media: Restrict or limit the use of USB drives, external hard drives, USB flash drives, external DVD recorders, and any recordable media. These devices facilitate security breaches in both directions, from the inside out and from the outside in. According to the Ponemon Research Institute, the rate of information theft among employees who were dismissed or who asked to leave their companies is estimated at 69%. The study, called “Job at Risk = Data at Risk”, surveyed 945 people who left their companies in the last 12 months, and 67% of respondents said they had used confidential information from their former companies to re-enter the market.

5. Secure sites against MITM¹ (Man-in-the-Middle) attacks and malware infections: Use SSL; scan your site daily for malware; set security flags on all session cookies; use SSL certificates with Extended Validation.
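Item 5 says to set security flags on session cookies without spelling them out; the flags a practitioner would check for are Secure, HttpOnly and SameSite. The following is an added example, not code from the original post or from its author, that audits the raw Set-Cookie headers of an HTTP response and reports which of those flags each cookie is missing. The header values in SAMPLE_HEADERS are constructed for the demonstration.

```python
"""Audit Set-Cookie headers for the session-cookie flags recommended in item 5.

Added example, not part of the original post. Given the raw Set-Cookie
headers of an HTTP response, report which of Secure, HttpOnly and SameSite
each cookie lacks. The sample headers below are constructed.
"""

# Flags a session cookie should carry (attribute names are case-insensitive).
REQUIRED_FLAGS = ("Secure", "HttpOnly", "SameSite")


def parse_set_cookie(header_value):
    """Split one Set-Cookie header into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, _, val = attr.partition("=")
        # Flag attributes such as HttpOnly have no value; store them as "".
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def missing_flags(header_value):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header_value)
    missing = [flag for flag in REQUIRED_FLAGS if flag.lower() not in attrs]
    # Browsers only accept SameSite=None together with Secure, so flag that
    # combination separately even though SameSite itself is present.
    if attrs.get("samesite", "").lower() == "none" and "secure" not in attrs:
        missing.append("SameSite=None requires Secure")
    return name, missing


def audit(headers):
    """Map each cookie name to its list of findings (empty list means OK)."""
    return {name: findings for name, findings in map(missing_flags, headers)}


# Constructed sample: one well-configured cookie and two weak ones.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "csrftoken=xyz789; Path=/; SameSite=None",
    "remember_me=1; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
]

if __name__ == "__main__":
    for cookie, findings in audit(SAMPLE_HEADERS).items():
        status = "OK" if not findings else "missing: " + ", ".join(findings)
        print(f"{cookie}: {status}")
```

On a live response the header list would come from `response.headers.get_all("Set-Cookie")` on the object returned by `urllib.request.urlopen`; each header is audited independently, so commas inside an Expires attribute do not confuse the parser.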

6. Use spam filters on e-mail servers: Use spam filters, such as SpamAssassin, to remove unwanted e-mail from both inboxes and junk e-mail folders. Prevention depends on education, so teach your users how to identify unwanted messages, even when they appear to come from a trusted source, through corporate communication campaigns and/or internal webinars.

7. Use a complete endpoint solution: Some vendors suggest using a multi-layered product to prevent malware infections on users' equipment. Today, having only antivirus software is no longer synonymous with protection; a personal firewall and intrusion detection are also required to have what I call a minimally secure suite.

8. Security through the combination of software and hardware: Use firewalls, antivirus servers, intrusion detection devices, honeypots² and active monitoring to track DoS (Denial of Service) attacks, virus signatures, unauthorized intrusions, port scans, and other attacks and attempts to breach corporate security.

9. Keep security patches up to date: Some antivirus programs update automatically every day. Make sure your security software and/or hardware is up to date with the latest anti-malware/antivirus signatures and patches. If for some reason you have to disable the auto-update service, run a system check regularly and have at least a minimal remediation plan for the worst case.

10. Educate your users: As stated above, security depends on education, so user awareness is certainly the most important “free software/hardware” solution. An informed user behaves more responsibly and poses less risk to company data, whatever their level.

It is also worth mentioning the most common measures, such as the use of software tracing, the use of regression-testing software for the operating system, the use of VPNs, the use of strong passwords, and so on. Security is the best policy and vigilance is paramount. Be aware of it and encourage your users to be aware of it too.

Aluisio Andrade is Operations and Services Director at Nap IT


¹ Man-in-the-middle: You get your coffee, connect to the establishment's Wi-Fi network and start working. You must have done it a hundred times before, right? Nothing seems out of the ordinary, but know that someone may be watching you. They are monitoring your web activity and recording your bank credentials, home address, personal e-mail and contacts, and you will not suspect anything until it is too late. Today's thieves no longer steal your wallet or purse as you enter the subway; instead they use an arsenal of cyberattack methods to secretly take over your information.

As you sip your coffee and take the opportunity to check your e-mail and social networks, an attacker intercepts the communication between your computer and the café's Wi-Fi router and gains access to the personal information on your smartphone or laptop. This method is known as an MITM or “man-in-the-middle” attack, and it is just one of the many weapons cybercriminals use to steal from you; you may not even notice until your next card bill arrives.

² Honeypots: a tool that simulates security holes in a system and gathers information about the attacker. It is a kind of trap for intruders; however, it offers no protection other than exposing the flaw.
