6 IT Security Strategies for 2009

Spammers and cybercriminals are working harder than ever to develop ever-sneakier ways to launch an attack. In anticipation of a 2009 filled with increasingly sophisticated threats from spammers, here are some top strategies IT and security pros can use to thwart the bad guys, compiled from security experts from MXLogic, Websense and Bell Micro.

Rather than rely on any single piece of anti-spam and anti-virus solution or technology, deploy multiple layers of security throughout the organization. Gateway firewalls and antivirus software alone cannot protect against the complex malicious code that threatens the IT infrastructure. Firewalls can detect web traffic, but most have no means of monitoring the specific information being transferred. Antivirus solutions are reactive, not preventive; they are effective only against very specific threats, and they provide even this limited protection only after an attack has already occurred. Organizations need a solution that complements firewalls and antivirus solutions with content-level protection.

As malicious attacks become more dynamic, it will become increasingly important to stay current on security updates and patches. Consider implementing a managed security service, which is constantly monitored or updated by a third-party.

The weakest security link of any organization remains the end user. While IT and employee training budgets are likely to be tight this year, remember that an ounce of prevention is worth a pound of cure. Hackers can use vulnerabilities in web browsers to inject phony content – such as their own credit card-stealing form – into a frame of an actual trusted website. Users visit what they believe to be a trusted site, such as an online bank or an e-commerce site, and while the image they see looks valid, it is, in fact, a sham, and they are now vulnerable to hackers working in the background.

With today’s mobile workforce and the explosive growth of mobile devices, the notion of a protecting the network perimeter is all but dead. Reinforce this idea with end-users and upper management by eliminating this idea all together.

While many internal threats aren’t malicious, breaches due to loss, theft or employees accessing inappropriate content are a constant danger. Make sure your employees are aware of new viruses, phishing and identity theft scams, and that they are creating and using strong passwords and protection techniques.

It’s easy to focus on cost cutting by doing it yourself, but you may be paying more in the end. Modern managed services like e-mail or Internet security or archiving not only lower overall capital costs, but may be more effective as they’re monitored and maintained 24×7 by someone else.