Spring Cleaning: Don't Forget Your Technology!

Spring Cleaning: Don't Forget Your Technology!

Posted by Charles Killmer - Netgain’s Security Officer on May 2, 2016 10:52:58 AM

doctoronlaptop.jpgEvery year when spring arrives, people celebrate the end of winter and begin to emerge from their hibernation. It is during this season that summer preparations begin. Winter things are packed away, birds start building nests, and the deep greens of nature appear. Spring is a season of refreshing, whether a person, a bird, or nature. Though it is often not something we consider to be a part of spring-cleaning, an important aspect of our lives that needs to freshen up is our computing environment. Here we have provided a list of some critical items to put on your spring cleaning list. Doing so is a fantastic way to help you and your organization remain safe and secure.

  1. Review User Accounts
    When people are hired, many various accounts may be created over the course of the employee’s tenure. Accounts can include email, access to vendors’ websites, administrative access to your organization’s website, and many others. Documenting all accounts that are created when someone is hired will ease the process of ensuring they are disabled upon an employee’s departure. Take time this spring to brainstorm, and review the accounts for employees that may no longer be with you.
  2. Review Firewall Rules
    A firewall is the device in a network that separates your office technology from the Internet. The Internet is full of malicious activity that can pose a serious risk to your organization. As business needs change, the firewall may also need updates to accommodate those changes. For example, if a firewall rule is no longer necessary, the rule should be removed to minimize the attack surface presented to the Internet.
  3. Review Backups
    As crypto malware increases in prevalence and sophistication, having effective backups may be required to restore your data following an attack. Do not merely count on your company’s ability to pay the ransom. Some crypto malware includes errors that make it impossible to decrypt your data even after a ransom is paid.

    Recovery by using a backup will most likely result in the loss of some data. However, losing some data is significantly better than losing it all permanently.
  4. Review Passwords
    Over time, employee turnover may result in former employees who still have access to corporate resources. Most commonly, this is due to shared passwords that are not changed when the employee leaves Take some time to review any passwords that former employees may have known and change them. Passwords that may be overlooked include:
    • Wireless networks
    • Vendor websites
    • VPNs and other remote connectivity
    • Shared full disk encryption passwords
    • Codes to security doors
    • Location of hidden key
      • Helpful hint: No business should have a hidden key to the office
    • Sensitive documents
    • Any default passwords they may have used
  5. Review Protection Methods
    Nearly every organization uses some antivirus software, and rightfully so. However, malicious software (malware) is improving and better able to find ways to bypass the protection offered by antivirus. In response, some antivirus software has added new features including one called application whitelisting. Spring-cleaning provides the perfect opportunity to implement application whitelisting, if you have not already done so.

Final Thoughts
Our sincere hope is that this list can help your organization improve its security. While spring provides an excellent reminder, conducting these vital system reviews even more frequently will greatly improve your organization’s security posture.

If you wish to learn more about these reviews, please don’t hesitate to give me a call. I am more than happy to provide you with additional information.

Charles Killmer
Security Officer
Charles.Killmer@NetgainHosting.com
877.797.4700 x107

 

New Call-to-action

Topics: password security, malware

Thanks for visiting the Netgain IT blog.  The goal of our blog is to help our readers stay current on the changing needs and requirements of IT.  

We do this by proactively bringing ideas, expertise, and solutions to your attention, which enables you to communicate the related technology, security or compliance best practices to your employees.

 


 

Subscribe to Email Updates

Check out our latest resources:

New Call-to-action

New Call-to-action

New Call-to-action

 

 

 

Recent Posts

Posts by Topic

see all