Is Your Server Secure Enough?

Cybersecurity February 10, 2017

Copyright: vladimircaribb / 123RF Stock Photo

Technology and security can be a big investment – but the cost of recovering from a data breach is much bigger. Not just in terms of money (although it will be expensive) but also in terms of reputation. Customers and clients will lose some of their trust in you. That’s why it’s crucial to ask, is your server secure enough?

When businesses don’t take the proper steps to secure their servers, they risk being attacked in multiple ways. Hackers can give your network viruses, steal customer data, steal identities, and even shut down your entire system.

In a survey done by Forbes and BMC, 69% of senior executives stated that “digital transformation is forcing them to rethink their cybersecurity strategies” and 64% are willing to increase their spending if it means protecting themselves better against known security threats.

Cybercrime is still on the rise and shows no signs of slowing, so how can you be sure you’re taking the proper steps to secure your servers? Look over this checklist of 14 tips to make your servers more secure to see what more you could be doing.

Use separate servers for internal and external applications

Using separate servers for internal and external applications will reduce the risk of someone penetrating the external server to gain access to sensitive internal information.

Use a separate development server for testing and debugging apps

Tweaking code and testing new features or applications on your main server can not only create malfunctions in your user experience, it can leave your servers vulnerable for a cyber attack. Allowing developers to test code on product systems can introduce security vulnerabilities while the untested code is being used. Therefore, it’s best to have a separate server for testing all together to add that extra layer of protection.

Keep software up to date

Software updates are not always about new features. Many times they include essential security updates. Running the most updated versions of all software will ensure you have the highest level of protection possible from your programs.

Use SSH key over password logins

One common strategy hackers use to gain access to computer networks is they automate attempts to find the right password combination. SSH keys are an alternative login that are more secure than password-based logins. SSH keys use cryptography to authenticate remote computers and users.

Install firewalls

Firewalls control what services are exposed to your network. They can block or restrict access to every port except for the ports you choose to make publicly available. Firewalls should be installed on all endpoints, meaning all web applications, servers and desktops.

Use VPN or private network

Private networks keep your servers from being exposed to hackers by keeping the connection separate from external networks and the Internet at large. A VPN, or virtual private network, creates secure connections between remote computers while remaining private.

Use a public key infrastructure

Public key infrastructure, or PKI, refers to the set of procedures and policies you can use to support, send, and manage public encryption keys. In addition to helping users and computers exchange data more securely over networks, such as the Internet, PKI adds another layer of security by authenticating the identity of the users or computers that are exchanging that information. PKI is used for any activity where electronic information needs to be transferred securely over a network, including (but not limited to) online banking, e-commerce and email.

Install an intrusion detection system (IDS)

An IDS is just what it sounds like. It’s software that monitors a system or network for unauthorized activity and then alerts you to the threat.

Do some file auditing

File auditing is when you compare the files in your current system to your record of files and file characteristics to detect changes to the system. File auditing can help you find suspicious files that may be hiding in your network undetected for the moment.

Use secure FTP instead of plain FTP

Secure FTP, or SFTP, is a file transfer protocol that uses authentication and encryption to enable secure file transfer between networked hosts. SFTP also provides remote file system management functionality.

Use secure email connections

Regardless of whether or not you send sensitive information via email, using secure email connections and encryption is important. Failing to secure email accounts could result in a hacker obtaining access to your network through your email. How can you be sure your email is as secure as it can be? Double check that:

  1. Your email provider uses SSL/TLS.
  2. Encryption is activated in your email settings.
  3. Any desktop clients used for email (Apple Mail, Outlook, etc.) and any mobile apps used for checking email are using Pop3S, IMAPS, and SMTPS.

Encrypt highly sensitive emails

Beyond the precautions suggested above for using secure email, highly sensitive emails should be encrypted using encryption software or a web-based encryption service, such as SendInc.

Scan web applications using remote security tools

Web applications should always be scanned for vulnerability issues, such as cross-site scripting, SQL injection, and command injection, to name a few.

Make sure your website isn’t vulnerable to cyberattacks and hackers

A vulnerable website can lead malicious users right to your server to do more damage. For more specific information about how vulnerable your website may be, check out our blog on cybersecurity best practices.

READ: Is Your Website a Sitting Duck for Hackers? Cybersecurity Best Practices

BONUS TIP: Train your employees in cybersecurity best practices

All the security measures in this list are necessary and important. However, one of the biggest things you can do is train your employees to recognize cyber threats. According to a report from 2015, the leading cause of data breaches is human error (37%). Someone clicks on a phishing link or opens a file that’s attached to an email, and suddenly your entire network is exposed. Make sure your employees know how to recognize suspicious threats and what your policies are for dealing with such threats.

Cybersecurity is a big concern for businesses this year. Investing in security costs way less than recovering from a breach. Using these tips will help make sure you are protected and keep your server more secure.