Network Managers’ Action Plan – Detail

This item discusses creation and publishing a company Acceptable Use Policy (AUP), together with the implementation and enforcement of a Security Survival Plan (SSP). Without an AUP in place the organisation has no legal and practical framework and a survival plan (which might be given a different title!?) is a great document for the Network Manager to formally document the organisation’s situation to senior management.

1. Acceptable Use Policy for SMBs

Without an AUP in place the organisation has no legal and practical framework. It has far more restricted room for manoeuvre if (in extreme situations) it needs to take sanctions against an employee. The AUP ensures that all parties are agreed that the company has the right to monitor and control use of its own network.

Your AUP needs to be simple and to the point and importantly sold to employees. They need to understand the reasoning and sign-up (literally) to a process that the company is implementing to protect itself from internet risk and fraud – and importantly indirectly protect their employment. The AUP emphasises to employees that the company internet access and network resources are in place for business use.

The AUP needs to evolve over time but we have included a straightforward template devised by government funded Businesslink.gov.uk.  Alternative and potentially more complex AUPs are available online from solicitors and others but will undoubtedly need amending for your own environment.

2. SMB Security Survival Plan

Again keep it simple and achievable.

  • Block all illegal and undesirable sites for everyone. Overblock rather than underblock.
  • Emphasise in your AUP that the downloading and installation of non-approved software on employees’ company owned PCs and laptops is forbidden on security grounds. If necessary block certain file types such as executable program files to discourage this practice.
  • If possible, put all or most users into a NetPilot whitelist internet filtering group. Only allow them to see a restricted set of sites they need for business use. Importantly, this blocks both undesirable content and the likelihood of downloading malware. Significantly it also stops time wasting.  For many organisations this whitelist may contain only a few dozen or a few hundred business-related sites – but these will be of known reputation and less likely to have been compromised.
  • Certain departments or individuals will claim that general restrictive whitelists make their work related tasks impossible. For these staff members implement either a customised, more open whitelist, or restrictive blocklists. Point out the AUP restrictions on downloading non-approved software.
  • Staff will undoubtedly want to visit non-work related internet sites. The employer may feel ‘obliged’ for one reason or another, to provide these facilities. If this is the case, install separate ‘locked down’ PC(s) on the DMZ of your NetPilot and implement a less restrictive blocklist for these devices with access times controlled by NetPilot timebands.  ‘Locking down’ can be achieved using cheap but effective software, providing a defence against malware or users downloading questionable software, either deliberately or inadvertently.
  • Adopt a belt and bracers approach to malware scanning. Load each laptop and desktop with market leading AV software, but also undertake scanning on the incoming internet feed at the gateway NetPilot.
  • Update all old browsers. Put in place plans to ensure all PCs and Servers are running sufficiently patched software. Ensure you have enough time to conduct regular audits and updates.
  • NetPilot can really help with securing remote communications from mobile devices or branch offices. Using ultra efficient encrypted SSL VPN tunnels and Data Leakage Prevention software (enhancements added to NetPilot V6 software in the last 12 months), could be a major help in improving both network security and performance.
  • Medium or Longer Term. Look at ways of using Thin Client PCs – devices that are implicitly locked down with no ability to be compromised. This goes hand in hand with thoughts of using more centralised private or public cloud services where computing is centralised. Admittedly cloud technologies introduce the prospective of differing security threats. However, NetPilot has introduced its ‘Cloud Ready – Cloud Safe’ program to assist in this respect.

3. Monitor and Amend AUP and SSP policies and documents

These are living entities which will necessarily evolve over time.

  • Keep your AUP updates and published on your intranet or equivalent.
  • Keep staff appraised of (and sold on) successes and modifications needed.
  • Use NetPilot logs and analysis functions to improve or modify whitelists and blocklists.

No Comments Yet.

Leave a comment