03 NOV 2017

Advices for corporate IT security

Every company, whatever its size, must set up a strategy for corporate IT security, built considering its business, the reference market and the presence of databases of data to be managed. Although it is impossible to guarantee 100% security – because even the best computer system could be attacked and because, even if the company achieves perfection in the security of hardware and software, it should always take into account the human factor – it is possible to reach excellent levels of security through information and computer science.

The first step for company IT security is to inform, that is create the culture of security, it means that the company should share with its employees – and customers if necessary – the guidelines, where training actions, sometimes perceived as useless, are made to guarantee everyone’s safety in the long-term.

 

How to choose hardware and software from a security point of view

From a computer science point of view, there are some precautions that companies can take to guarantee themselves a level of security: when they select devices, it is good to turn to certified manufacturers and companies whose reputation in terms of security is known, although cases of vulnerability are known also among the largest manufacturers of consumer computing devices, such as Samsung and Apple.

Another interesting criterion to be evaluated when a company chooses a partner for safety devices could be the analysis of crisis management when a problem arises. Has the manufacturer changed the products? Has it evolved from a security point of view? Has it corrected the bugs?

Finally, a last criterion could be the evaluation of the security protocols guaranteed by its own partners.

 

How to improve internal IT security

1.      Passwords

In the field of IT security, passwords must not contain obvious information and, above all, that access data is not be transferred. It is better to share a file with several different accounts than to cede data. Finally, one of the safest criteria for choosing passwords is their length: 10-12 character long passwords are safe from the most common attacks.

2.      Protect Wi-Fi

Wi-Fi network can be protected using the latest available version of mechanisms for authentication. Then it is important to use a well-built key.

3.      Use a VPN network

VPN – virtual private network – is the network that allows you access from outside the company network as if you were inside, to access a computer of the company from a device that is located in another physical place. Once the connection is established, you can control the computer remotely and access network resources. It is useful when a company wants to share business data without wanting to expose it to web applications. The VPN guarantees traffic encryption and it is possible set different security levels such as two-factor authentication.

Finally, it must be remembered that even with the installation of the technologically safest software, the application is still subject to human error and for this reason it is necessary to start from the culture of safety. This is even more valuable when we are speaking about small and medium-sized enterprises, which do not have the resources to have an internal security department, but need technologically suitable solutions that are economically affordable to achieve the goal.

Edited by Lucia D’Adamo, in collaboration with Alberto Caporro, supervised by Marco Pirrone