The business of IT comes with its own strengths and weaknesses. The work of system administrators is usually noticed only when something goes wrong in the network or the rest of the computing environment. Nobody approaches a system admin or the IT team because systems are working as expected and no unscheduled downtime is in sight.
The weakness of IT administration today is the risk of one day becoming extinct as the enterprise embraces more automation and artificial intelligence. No matter what the future brings to the hardworking staff of IT departments worldwide, the work still needs to be done. Prevention is too often forgotten in favor of firefighting a cybersecurity issue. IT teams need to invest time in preventive actions: an ounce of prevention is worth a pound of cure, and that applies in IT as well.
In this article, we provide some tips on how IT teams can help prevent cybersecurity issues:
- Is there a credible, effective and efficient backup system rolled out for the organization?
There is no reason for an organization not to have a credible, effective and efficient backup system. Backup used to be very expensive in previous decades, as organizations needed to buy their own tape backup infrastructure, a place to store the tapes, and the power to run it all 24/7 to protect data in case of corruption. Renting a tape backup infrastructure was also a very expensive undertaking, given that the tapes were not within the physical custody of the company. With today's growth of cloud storage, which uses server farms, the cost of backups has dropped. This development levels the field for all organizations, and even individuals, to have a credible, efficient and effective backup system in place. It is unfortunate that there are still firms that fall for ransomware. In a ransomware attack without a credible backup, the only choice they have is to pay the ransom, or else their vital data is lost forever behind an industrial-strength encryption algorithm. Ransomware cannot make its presence felt if all organizations have a working cloud-storage backup that runs 24/7.
- Is the network traffic in expected condition?
System administrators need to enforce strict monitoring of network traffic. Adopting a TCP and UDP port whitelist goes a long way in network traffic management and security. With whitelisting, only the approved TCP and UDP ports are allowed for traffic entering and leaving the corporate network. Many of the data breaches today use a specific port that was left open in the network even though it isn't used for listening or for business-related data traffic. System administrators need to communicate carefully with their stakeholders to define exactly which ports to allow, as everything not in the whitelist is automatically blocked.
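One way to check a host against such a whitelist, as an added example that is not part of the original article: it compares the listening sockets reported by `ss -H -tuln` on Linux with the approved ports and reports anything reachable from the network that is not approved. The allowlist contents and the sample `ss` output are constructed for illustration.

```python
import ipaddress

# Approved listening ports per protocol (constructed policy, an assumption).
ALLOWLIST = {"tcp": {22, 443}, "udp": {123}}

# Constructed sample of `ss -H -tuln` output (Linux, iproute2).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:123        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128             [::]:8080          [::]:*
"""


def parse_listeners(ss_output):
    """Yield (proto, host, port) for each socket line of `ss -H -tuln`."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        yield fields[0], host, int(port)


def is_loopback(host):
    """True only for sockets bound to a loopback address ('*' is a wildcard)."""
    return host != "*" and ipaddress.ip_address(host).is_loopback


def unapproved_listeners(ss_output, allowlist=ALLOWLIST):
    """Return network-reachable listeners whose port is not in the allowlist."""
    findings = []
    for proto, host, port in parse_listeners(ss_output):
        if is_loopback(host):
            continue  # bound to localhost only, not reachable from the network
        if port not in allowlist.get(proto, set()):
            findings.append((proto, host, port))
    return sorted(findings)


if __name__ == "__main__":
    for proto, host, port in unapproved_listeners(SAMPLE_SS):
        print(f"NOT IN ALLOWLIST: {proto}/{port} listening on {host}")
```

Each finding is either a service to shut down or a port that stakeholders need to approve and add to the list.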
- Are the OS and App Updates installed on time?
App and OS updates are no longer optional; they are a requirement for securing the IT infrastructure. Cybercriminals are very active in reverse engineering patches to create weaponized software or malware that attacks systems that have deliberately been left without the update. The gap between the release of a critical update and its actual installation varies widely from organization to organization. However, that gap may be long enough for hackers to penetrate the network and the vulnerable computers. It is imperative to install the patch as soon as the vendor releases it, to minimize the chance of becoming a victim of a weaponized attack built from a reverse-engineered patch.
- Are security audits conducted regularly?
Security audits cannot be dropped as part of a firm's cost-cutting. Doing this is like a company shooting itself in the foot, if not in the heart itself. Security audits reveal weaknesses in the system and help the organization establish policies to counter those weaknesses.
- What is the current status of the User Account Management?
Employees who have resigned or been fired must have their corporate login credentials disabled and retired as soon as possible. If user accounts are still valid after the employee has left the organization, that is a loophole in the organization's security infrastructure and policy. In fact, some erring former employees even sell these usernames and passwords to third parties on hacking sites. It is imperative that firms establish efficient User Account Management: don't let former employees keep access to a system that they have no legal reason to use.
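A reconciliation check for this, as an added example that is not part of the original article: it compares an HR roster with a directory export and reports accounts that are still enabled after their owner left, logons dated after the leaving date, and enabled accounts with no HR record. The CSV column names and all sample rows are constructed assumptions; real exports will differ.

```python
import csv
import io
from datetime import date, datetime

# Constructed HR export: a blank end_date means the person is still employed.
HR_CSV = """\
username,end_date
alice,
bob,2024-03-15
carol,2024-04-30
dave,2024-05-02
"""

# Constructed directory export: account state and last successful logon.
DIRECTORY_CSV = """\
username,enabled,last_logon
alice,true,2024-05-10T08:12:00
bob,true,2024-04-02T23:41:00
carol,false,2024-04-29T17:05:00
dave,true,2024-05-01T09:00:00
svc-backup,true,2024-05-10T02:00:00
"""


def audit_accounts(hr_csv, directory_csv, today):
    """Return (username, finding) pairs for accounts that outlive employment."""
    end_dates = {}
    for row in csv.DictReader(io.StringIO(hr_csv)):
        end = row["end_date"].strip()
        end_dates[row["username"]] = date.fromisoformat(end) if end else None

    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        user = row["username"]
        enabled = row["enabled"].strip().lower() == "true"
        last_logon = datetime.fromisoformat(row["last_logon"]).date()
        if user not in end_dates:
            if enabled:  # service or orphaned account: needs a named owner
                findings.append((user, "enabled account with no HR record"))
            continue
        end = end_dates[user]
        if end is None or end >= today:
            continue  # still employed
        if enabled:
            findings.append((user, f"still enabled, left on {end}"))
        if last_logon > end:
            findings.append((user, f"logon on {last_logon} after leaving"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(HR_CSV, DIRECTORY_CSV, date.today()):
        print(f"{user}: {finding}")
```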
- How does the organization connect itself to the outside world? How secure are the connections?
Networking technologies improve all the time, mostly to increase throughput and heighten security. No organization should be using WEP encryption for Wi-Fi, for example. As the world is now standardizing on 802.11ac, there is no reason for an organization to maintain an 802.11g router or older.