Very often IT administrators in small and medium-sized businesses are simply too busy supporting demanding users to proactively keep on top of IT security and administration. With this in mind, it is imperative that organisations conduct an IT security review on a regular basis to ensure that your machines are not compromised and hijacked.
Of course, our senior engineers are experts at testing system security and integrity, and we are always keen to hear from system administrators or business owners who want us to test how safe their servers and networks are.
What areas of IT security should you review?
While Akita can provide a comprehensive IT security review, the points below are a few basic first steps to securing your network and machines:
These should be as complicated as possible, and ideally will be changed regularly. You would be staggered at how many times on an IT security review we come up against the likes of “password” being used as protection.
To really protect passwords, they should contain letters (upper and lower case), numbers, and special characters. Clearly, a password such as “Tgs28£+13qz” is going to be far more secure than “george123″, which could be cracked in a matter of minutes.
Of course, passwords should not be passed around or shared – with an appropriate computer network and organised file structure and email system, there is simply no need.
Passwords should also not be recycled across various platforms – users can discover that many are already in the public domain as a result of data leaks and hacks.
2. User education
Many viruses reside in websites and emails and are spread by machines being infected and passing these on. User education is not straightfoward unfortunately, due to the disparity between users’ exposure and understanding of technology.
That said, users should be guided with regard to safe internet browsing and controls can be put in place to prevent undesirable websites being searched. Moving on from that, users should be reminded not to click on attachments in emails without considering what they are, even if the email is sent from trusted contacts.
Users should also be educated not to click on random links or pop-ups, not to download unknown software from the internet, and not to spread spam, hoax or “chain” emails.
3. IT Security software
Regardless of Your server and machines should all be protected by appropriate software to protect against viruses and spam emails. This should be kept up-to-date and reviewed on a regular basis.
Even with the basics covered, problems can arise and machines can become infected. It is vital that a decent backup system is in place and that users do not store files on the individual hard drives. With a properly managed back-up solution (and ideally a virtualised infrastructure!), any affected machines can be cleaned and reinstalled with only a modicum of inconvenience and a slight cost to bear.
To discuss an IT security review or Akita’s other IT Audit services, please get in touch: