Companies fail at information security not because they aren’t installing the latest high-tech defensive software, but because they aren’t taking care of the security basics, like installing patches on time. What are some of the other information security basics you might be overlooking?
Managing employee access
Employee access rights shouldn’t be permanent. As job functions change, you should review and revise their access to match the responsibility of their roles. While ideally you’ll do this as soon as they take on a new role, at least review access privileges annually. Even more important, when employees leave the business, you should be sure to disable their access immediately.
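The three rules above (disable on departure, review on role change, review at least annually) can be run as a periodic check against an account export. This is an added example, not code from the original article; the record fields, the "no HR record" rule, and the sample data are assumptions constructed for illustration.

```python
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=365)  # "at least review access privileges annually"

# Constructed sample data; field names are assumptions for this example.
HR_ROSTER = {
    "alice": {"status": "active", "role_changed": date(2024, 3, 1)},
    "bob": {"status": "terminated", "role_changed": date(2022, 6, 15)},
    "carol": {"status": "active", "role_changed": date(2021, 1, 10)},
    "dave": {"status": "active", "role_changed": date(2023, 9, 1)},
}
ACCOUNTS = [
    {"user": "alice", "enabled": True, "last_review": date(2024, 1, 15)},
    {"user": "bob", "enabled": True, "last_review": date(2024, 2, 1)},
    {"user": "carol", "enabled": True, "last_review": date(2022, 12, 1)},
    {"user": "dave", "enabled": True, "last_review": date(2024, 4, 1)},
    {"user": "svc-old", "enabled": True, "last_review": date(2024, 4, 1)},
    {"user": "erin", "enabled": False, "last_review": date(2020, 1, 1)},
]

def audit_access(accounts, roster, today):
    """Return (user, finding) pairs, one (the most urgent) per enabled account."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to revoke
        person = roster.get(acct["user"])
        if person is None:
            # Assumed extra rule: an account nobody owns cannot be reviewed.
            findings.append((acct["user"], "no HR record: confirm owner or disable"))
        elif person["status"] != "active":
            findings.append((acct["user"], "employee left: disable immediately"))
        elif person["role_changed"] > acct["last_review"]:
            findings.append((acct["user"], "role changed since last review"))
        elif today - acct["last_review"] > REVIEW_INTERVAL:
            findings.append((acct["user"], "annual review overdue"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_access(ACCOUNTS, HR_ROSTER, date(2024, 6, 1)):
        print(f"{user}: {finding}")
```

The checks are ordered by urgency, so a departed employee's account is reported as a departure even if its review is also overdue.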
Changing default passwords
Admin/admin? Everybody knows that login and password, including the bad guys. It’s easy to overlook changing passwords after you install new software, but it’s necessary in order to keep your systems secure. Use a unique admin password on each of your systems in order to ensure you’re protected.
Reviewing security logs
Don’t just review log files after a breach occurs. Log files should be reviewed on an ongoing basis in order to spot breach attempts before they succeed. This doesn’t have to be a purely manual effort; there are good analytics tools to help identify suspicious behavior.
Enforcing secure mobile device usage
It’s convenient to have employees use their mobile devices to conduct business, but it also can be risky. Develop your “bring your own device” policy, teach employees safe mobile computing practices, and consider using mobile device management software to enforce your policies.
Protecting the cloud
Relying on your cloud provider for security of your data in the cloud is a mistake. Information security in the cloud requires both your organization and your cloud provider to take steps to protect your data. In addition, employee “shadow IT” usage of cloud resources can lead to security risks you aren’t aware of; consider using tools that help you detect unauthorized usage of cloud services.
Learn more in 6 Ways to Keep Your Cloud Secure.
Verifying configuration settings
Many security vulnerabilities, especially in the cloud, are the result of incorrect system configuration. Don’t rely on default settings; explicitly set them to the values you need. Limit the ability to modify configurations to authorized employees, and use tools to detect configuration changes so they can be reviewed and verified. Use automation to ensure configurations are deployed consistently across all your resources.
Performing risk assessments
There are too many potential security threats to address all of them at once. In order to get the most value from the actions you take, it’s important to assess the risks you face so you can prioritize your responses.
Securing information resources requires implementing basic and advanced controls at multiple levels, including the network, the cloud, and endpoints. CCS Technology Group offers IT security services to help you comprehensively address your information security needs. Contact us to learn how our services can help protect your critical systems and data.