IT security within a company is a process. Taking a good look at the existing infrastructure at regular intervals is something that should always be done. A few simple tips go a long way in preventing bigger problems occurring.
Spring clean for the corporate network
G DATA provides tips for increasing the level of safety in the IT infrastructure.
Spring is the best time for a major clean-up - not just in the home, but in the office as well. Once a year, many people traditionally use a spring clean to have a major clean-up within their own four walls. Administrators should also use this opportunity to check the corporate network and the actual processes for the year ahead. G DATA explains what IT managers should tackle during a major clean-up and has put together a checklist that will significantly increase the level of security in the company.
Spring heralds sunshine and warm weather. As the sunlight streams in through the window in your home, not only does the dirt on the windows become visible - in winter we hide ourselves away, let things be and, thanks to the darkness, overlook those particularly dusty corners. It’s the same in the office. After the holidays and the short, dark days, the course is set for the year ahead. Administrators get tied up with setting up new users or dealing with everyday IT problems. Yet, the time should be used to overhaul the corporate infrastructure and make it fit for the coming months.
- Checking the Windows Active Directory domains: Often there are still user accounts in existence even though the associated staff members have long since left the company. Obsolete but active user accounts are a prime gateway into a network. Preventing the abuse of such accounts is easy, though. If it is not possible to delete a user account for some reason, the account should at least be disabled. As it is not generally advisable to delete corporate information, accounts of former staff members should always be disabled and moved to a corresponding organisational unit.
- Capacity checking: Do the hard drives still have sufficient space for the increase in data in 2018? A network monitoring tool can give an indication of this. The module constantly keeps an eye on the infrastructure and informs administrators when storage space is low.
- Network load:Network monitoring can also help with checking network activity, looking for indicators of a potential compromise. This could include potentially harmful software, which establishes an external connection.
- Setting up and testing backups: Has a backup been set up? Perhaps things cropped up in 2017 that are not yet included on a backup plan? Are the existing backups actually working? A successful field test can give an indication of this and make for less stress in case of an emergency.
- Update clients: A look at the software inventory can also be worthwhile. A patch management system provides an overview of the installed programs and the versions - without having to install additional modules. Firstly, this gives administrators an overview and, secondly, it provides an opportunity for deciding on measures to take to improve security - such as distributing patches via an add-on module and restricting or removing problematic software. Modules that are integrated into a security solution are recommended for this.
- Checking user permissions: Not every user in the network needs access to every resource. Users who have more extensive permissions than required for their task may unintentionally jeopardize network security, for example by running malware that steals and/or abuses the user’s credentials and permissions. Clear, understandable guidelines are important for a corporate network. A policy management tool, such as that found in G DATA business solutions, can help with this.
- Disabling USB ports: Many USB devices are automatically detected and set up as storage volumes. To date, many users are unaware that even trustworthy devices can smuggle potential malware into the corporate network. Therefore, IT managers should consider where USB ports should be enabled and where they should be disabled. G DATA security solutions include a policy manager that helps administrators set up user groups with specific permissions.
- IT security training for staff: Cyber attacks can be successful very quickly if staff inadvertently take unnecessary risks when working with the PC or a mobile device and, for example, trigger a malware infection by clicking on a link in a spam email. IT managers should therefore carry out regular training and so increase awareness of current online risks.