Is IT security in your firm where it needs to be?
IT security is near the top of the agenda for every executive management team. Although IT is not something executive managers are likely to get hands-on with, and is best left to qualified practitioners, there are simple spot-checks that executive leaders can make to see if basic security is being implemented.
Here are 5 spot-checks to see if your basic IT security practice in your firm is where you should expect it to be.
1. Are passwords written down?
Passwords are something of a nuisance. Long strings of hard to remember random characters are often recommended. However, many find it impossible to put this into practice without writing them down. Look out for sticky notes stuck on monitors, or pinned to partitions and walls. Is there a notebook entitled ‘Passwords’ lying on someone’s desk?
To reduce risk, consider the use of an online password manager application. Some good ones are free! As an alternative, two factor authentication (2FA) is also a powerful tool for controlling access, and blocks access with stolen logon credentials.
2. Does the network allow guest users to logon?
Guest logons are sometimes enabled by IT teams for testing and to allow temporary access for visitors. However, this can provide an easy way in for unwelcome access to the network. Simply try logging in to your computer using the user name ‘Guest’ without a password.
If the device unlocks and lets you access the network, it’s time to have a word with the IT team about shutting down the Active Directory Guest account.
3. Check if you have any online accounts that could be hacked
Using the same email address as the user name and the same password across multiple online accounts is a widespread practice, because it’s makes life easier. Whether it's LinkedIn, Facebook or Google, people tend to be creatures of habit. However, if any one of the sites where you have an account has been the subject a data breach, hackers exploit account name and password re-use to hack and access personal information.
Use the website https://haveibeenpwned.com to check whether any of your online account information has been compromised in a data breach and take appropriate action. Get all your staff to do this as well.
4. Do you get prompts to manually update software?
Note whether you have outstanding notifications or immediate alerts that software needs to be manually updated. This might indicate that automatic updates is not enabled. This can mean that software with known security vulnerabilities is in use, making your systems susceptible to attack.
It’s not just Microsoft Windows 10 and Office suite applications. Apps like Adobe Acrobat and Oracle Java all need to be updated as soon as a new release or patch becomes available to close known security vulnerabilities.
If you have to manually update software, speak to IT about automating the process.
5. Is access to network resources controlled?
Once logged on to the network, do all users have the ability to access all network resources such as network drives, databases and printers? Sales team users don’t need access to accounting data, and vice-versa. If management roles do require this access, a separate group for supervisory grades should be set up with appropriate permissions.
To control access to network resources, speak to IT about implementing Active Directory user and group policies to restrict access on a need-to basis.
Safer and more secure IT with HTL Support
HTL helps dozens of firms to enjoy safer and more secure business computing, enabling them to conduct day-today business with greater confidence.
To find out more about how our IT Guys are able to help you take control of IT security in your business, simply get in touch today.
To see more about how you can make your firm safe, click here for ‘A practical guide to IT security’ from the Information Commissioner’s Office (ICO).