How Winxnet Uses IT Security to Keep Your Network Safe
Over the past several years in our security posts we have been showing you ways to keep you, your data, and your enterprise more secure. Today we wanted to share with you the ways we practice what we preach and show you some of the controls we have in place to keep our (and your) information secure. To keep this short, we will only concentrate on major, best bang for your buck measures.
- User Awareness. We continue to harp on and drill into our employees the importance of staying alert, reasonably questioning the validity of any incoming requests, locking their screens when they get up from the workstation, and other vigilant measures. To gauge the effectiveness of the program, we perform periodic phishing tests, and the results show improvement over time.
- Mobile Device Encryption. Anything that can carry data and leave the premises gets encrypted. This includes our phones, laptops and USB drives.
- Multi-Factor Authentication. Our critical systems, especially those that have to be available from outside, are protected with MFA. This measure assures that accidental exposure of user credentials does not lead to a compromise of the security of our data.
- Vulnerability Management. We scan our own systems for vulnerabilities and have a process in place to assure that the important issues get remediated in a timely manner. We do this testing against both the internal systems and our external perimeter, quarterly.
- Automated Patching. Related to the item above, we have a process that assures that important security fixes are applied to all our systems as soon as it is feasible.
- Centrally Managed Antivirus. All our user systems receive malware protection that is managed and monitored by dedicated knowledgeable staff.
- DNS Security. As part of our egress filtering effort, we use Cisco Umbrella (formerly OpenDNS) as a layer of defense against the external threats.
These measures are a part of the core of Winxnet’s control set, mandated by our Information Security Policy. We strongly recommend considering their implementation at our clients as well, and our security experts will be more than happy to help you with any questions you have on the subject of security.