Montana Technical Solutions Website Development Design Maintenance Kalispell

Montana Technical Solutions Computer Workstation Security Primer

Local Workstation Best Practices

Local workstations on a corporate LAN  represent an important attack vector for hackers.  They are attractive to attackers due to the fact that end users vary widely in their sophistication and  practices.  If enough end users are targeted, eventually some form of penetration will be achieved.  Fortunately, it is not difficult to significantly improve security of these network end-points.  Review the five points below to quickly and easily achieve improved security:

  1. Implement corporate policy requiring strong passwords on end user workstations and accounts.  Unsophisticated end users will complain, but most will actually comply.  This exercise is useful in identifying the truly vulnerable end users who are at most risk.  (HINT: they are the folks who struggle to create a strong password and need help entering it once it is implemented).  Work with them closely to further reduce your exposure.
  2. Review your backup and restore procedures.  Obviously backups need to be done regularly, normally daily, and stored securely, both on and offsite.  Have you tested your restoration procedures?  BE SURE your backup plan is working.  Even great vigilance can be undone via a single viral email or DNS-redirected web page.
  3. Review your anti-virus and safe browsing software from the workstation point of view.  We assume your end users are behind a firewall appliance, or, at the very least, some form of network firewall software.  Windows 10 offers the best workstation security for general purpose PCs, but be sure to review your Group Policy settings for Windows 10 configuration.  For Windows 7 Defender is competent, but not entirely reliable.  It requires extra effort, but using a combination of the best anti-virus solution with the best safe browsing solution is a ‘best of all worlds’ answer.  Not  only do your settings need to be complimentary, the extra burden on your workstations is also non-trivial.  So be it.  We recommend taking the time and effort required to optimize this aspect of your workstations => that is what Group Policy is for!
  4. End user procedures.  Are your end users adequately coached on ‘do’s and dont’s’?  Do they have reasonable access to help desk support if they have questions?  Be sure they do!  Don’t put them in a position of having to choose between not getting their work done and taking an unnecessary risk with, for example, a questionable email attachment, simply because they cannot timely reach tech support.  It is IT’s responsibility to assist!
  5. Finally, end user procedures.   Are your end users adequately coached on ‘do’s and dont’s’?  Yes we are repeating ourselves here, but this is a broad topic.  However, two main threat vectors exist for end users:  email and web browsing/social media.  Educate end users on both topics and insist that they do not surf non-SSL websites without explicit permission.  Lock down their browsers and refuse to do business with those websites.  If this is a new policy, set a deadline for implementation.  The time is long past for permitting corporate employees to interact with insecure web sites on the public internet.  Use the built-in browser security features of Edge, Chrome, Firefox, and/or Safari to assist in securing your network.  As for email, Gmail offers security and convenience.  If Gmail is not acceptable, use either a white label email hosting service setup by your internal IT staff or your IT consultants, or use a highly reputable third party email hosting service.  Use great care in selecting your vendor, cost, convenience, reliability, and security vary greatly  Admittedly, this is a non-trivial approach, but necessary => there is a reason Gmail is so popular.

Follow these steps to greatly enhance your network end user security, reducing significantly your exposure to external attacks.   We overlooked #6 => keep your software up to date, but hopefully, in 2017, this is self-evident.  If not, we repeat, KEEP YOUR SOFTWARE UP TO DATE!

Thanks for visiting!

Montana Technical Solutions Computer Workstation Security Primer