Excited chatter about the latest operating system or device generally only dies down once the news media and bloggers begin musing about all of the bugs and security issues — tainting the release of many an anticipated new technology. It happens to Apple, Microsoft, Google, and other major development companies.
For the casual user, these bugs and security gaps are an inconvenience, perhaps even a nuisance. For the enterprise, these issues can be catastrophic. What does your IT help desk need to consider doing about it? Perhaps it’s time to stop waiting on the giants to fix their stuff and begin developing security measures in house.
Establish a Security Team
Since your IT department is comprised of tech professionals, it’s easy to assume that everyone is on board with security. But it is much more effective to select and groom a team with the sole purpose of being in charge of IT security. Designate a team leader, and divide all of the aspects of system monitoring, reporting, risk assessment, regulatory compliance, etc. to specific members of the team. Be sure to include alternates in case a security breach occurs during a vacation, illness, or at odd hours when the regular staff is not available.
Implement Good IT Asset Management
Knowing what devices are on the network, what software is in play on the systems, and who your users are is pivotal to network security. Software asset management helps keep your critical malware protection up-to-date and assures you have adequate licenses for all of the computers and devices using the network. With the right asset management solution, it is easier to identify suspicious activity within the system before serious damage is done.
Develop a Disaster Recovery Plan
Disaster recovery plans aren’t just for earthquakes and hurricanes. A disaster recovery plan is also in place so that you can get data restored and return systems to normal operations in case of hardware malfunction, data corruption or theft, cyber crime, and other unforeseeable issues. Include both onsite and offsite backups. The automated backups that are available with most products (such as those by Microsoft, Apple, Google, etc.) are simply not adequate for a business IT infrastructure. Additionally, the cloud-based backup solutions offered by these giants are highly targeted by cyber criminals. Most savvy hackers choose high-profile targets like these, because there’s more pay dirt and it’s considered a greater challenge to their skills.
Create Solid Security Controls
Set the bar higher for your security controls, including access controls, user ID and authorization, encryption, and intrusion detection. Don’t depend on the standard or default security settings that come with Windows, iOS, or other mainstream operating systems or software packages. Also, demand more secure passwords for users, and require that those passwords be changed frequently. Once per month is usually adequate, but for users with high-level system access, it’s best to change passwords once per week.
Conduct Regular Self Audits
Self-audits are not just to assess risks, but to give your security team practice in identifying and stopping an attack. Also, self audits are helpful training for getting systems back to operational status following a breach. Carefully document the team’s performance during each self audit. Look for regular and gradual improvement. Hone processes and address the security gaps identified during audits. The main mistake most companies make (unbelievably) is conducting self audits but neglecting to make improvements in the process using what was discovered during the audit.
With these steps, your IT help desk will be prepared whether the giant software companies step up their game or not.
About John Collier
Read more articles by John