No matter the size of your organization, there are pain points associated with properly securing your IT infrastructure. Unfortunately, there are bad actors that make security necessary. As if it isn’t difficult enough to keep up with passwords, those are no longer enough and we must now use multi-factor authentication. Basic firewalls and anti-virus programs are no longer enough and now we must employ layers of protection on network equipment and devices. You can’t always trust emails to be who they say they are from. It is a sad reality, but reality just the same. So, we have to take precautions.
As an IT professional, that means deploying best-practice methods at every layer of your network/endpoints. Layering is important, because the truth is no product or policy is going to be 100% effective against threats 100% of the time. We do our best.
But, these layers of protection can also be a pain to you, our users. Sometimes things don’t work like you want them to, or you have to go through extra steps. I am going to tell on myself here a bit from a real situation to illustrate a couple of things: 1. How good communication can help alleviate issues and 2. How best-practices work and are there for a reason.
Layering security isn’t just about the products we use, but the policies we setup using those products. There are many policies that we use for our clients to prevent the wrong people from being able to gain access to the network, website, etc. Some of these policies restrict access based on the country the login is coming from. It is an excellent start to layering security because you automatically make it harder for a large swath of bad actors to gain access.
When setting up these policies, we have to determine what countries a client would need access from so that we can allow the ones that are appropriate. I had this conversation with the director for one client when I set up their security polices, but then they had a change in leadership, and I failed to convey that to the new director. When he left the country for vacation but tried to access his email, he was blocked. It was easily resolved by modifying the policy temporarily, but caused him unnecessary frustration. So, lesson learned and we knew that we needed to create a new internal procedure to better communicate this type of information.
This situation is a perfect example of how Microsoft Business products provide small businesses with the ability to set enterprise level security policies that are effective. Additionally, I thought it was a good way to illustrate what we mean by layers of security being more than simply multiple products.
Sadly, the need for good security is only increasing. You need to protect your network and data from improper access as well as loss. A solid IT implementation does this using proper security and backup policies. It should be appropriate for your unique business, but make sure you have these areas covered. Contact Skyline IT Management if you need help.