A Look at Modern Security

Tim Howard

The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.

Don’t under estimate the threat of a cyber-attack.

Municipalities today, no matter large or small, are faced with endless cyber security risks. These security risks are forecasted to grow at an exponential rate in the years to come. Think back 10 to 15 years ago: Each employee usually worked on one desktop PC, and at home they maybe had one shared PC per household.  Today each person is connected to an average of approximately three devices each.  With this increased size in attack surface, and the growing sophistication of cyber-attacks, protecting your municipalities network and citizen’s data will only become more challenging.  So, where can you begin?  One way is by reducing your attack surface by improving your endpoint security.

Reduce your Attack Surface with a Modern Endpoint Security

Consider Endpoint Security as the new and improved antivirus protection—but it is so much more. The Endpoint Security software available today features Application, Device, and Web Control. These tools allow you to control what the user can actually do, which will reduce your “attack surface.”  They also provide a means for your IT Administrator to enforce security and appropriate usage policies.

Application Control allows you to block the use of unwanted applications.  You may even want to block legitimate applications from user’s computers as well. Although they may not be malicious sites, they may be unproductive sites, like games, instant messaging programs, Facebook, or iTunes.

Device Control can restrict the use of USB drives, network adapters and other peripheral devices. You can block all USBs, except those that have been supplied by the IT Department. New and unapproved devices can be detected, and then notify the network administrator.  The IT Administrator can then choose to authorize the new device or not.

Web Control allows you to decide which websites to block or allow. You can do this based on categories like adult websites or shopping websites. Because web control is located on the Endpoint itself, these rules will apply whether they are on the corporate website, at home, or at Dunkin Donuts; this is really important feature if you have a mobile workforce.

Additionally, modern Endpoint Protection software can sync with your Microsoft Active Directory (AD). This allows for the two services to communicate with each other. Policies and user groups that are created or modified in AD can be pushed in to the Endpoint console.  This communication greatly simplifies and improves the security management process.

Open the lines of communication with a Synchronized Security Solution

For decades, the security industry has been treating network security and endpoint security as completely different entities. A traditional security solution is like putting one security guard outside the building and another inside the building, but not allowing them to talk to each other. Today a revolutionary, yet simple Synchronized Security Solution can be implemented. Synchronized Security is like handing those same two security guards a 2-way radio, so that when one of them spots an issue, the other knows about it instantly. Synchronized Security allows next generation endpoints and network security solutions to continuously share meaningful information about suspicious and confirmed bad behavior across an organization’s entire infrastructure including mobile devices.

Mobile devices are rapidly growing in number: first laptops, then phones, then tablets, and now watches! How can you begin to manage all of the devices employees are now using? This is a huge challenge, AND employees are using mobile devices more than you or your IT Administrators may even be aware of (See Related Graph). The graph highlights that, whether you want to believe it or not, more and more company data is ending up on employee devices. This makes it even more important to have Mobile Device Security in place to protect your company information that appears in emails, company internet, and company documents that are being shared via email, and collaboration sites using cloud storage. The use of mobile devices has created an entirely new workplace, with a true 24-7 business landscape. Today, the productivity door is wide open, and YOU need to adjust to how your employees are now working.

No matter your organization size, you need to stop and assess the risks you may be facing, and put the right security solution in place. How much risk are you willing to take? To reverse the trend of increasing incidents and breaches, we must take a much different approach to I.T. security than we have done in the past. To do this, we must implement new solutions that are simple, effective, automated, and coordinated. The good news is that this capability is already available today; they just need to be prioritized, and implemented accordingly.

Tim Howard is President and CEO of RMON Networks (www.rmonnetworks.com), an IT Support Company specializing in services for municipalities since 2002.  Tim can be reached at thoward@rmonnetworks.com or at 603.869.7323.