With Spring here, it’s time for a little cleanup. At Roundbrix, we’re only too familiar with those items that seem to get left by the wayside, yet they can cause significant harm. Consequently, we thought we would share a few tidbits of what we have learned in the last ten years.
Are we backing up everything we should? This is a big issue and we see it all the time. We all get busy and add file shares here and there, or maybe a new database and somehow get pulled away from finishing the job which means including it in the nightly backups. Oh, this could hurt!
Do the backups actually work? I once worked with an outfit and discovered for two and a half YEARS, a gal would rotate the backup tape and take it offsite. The only problem was the backup job never ran! Folks, doing a sample restore of a file that was created yesterday will give you a ton of confidence that what you believe is in place is working.
Do these people still work here? Often times, folks leave and there are leftover items. They may still be a user on your system including e-mail. They may also have been granted VPN or remote access which may greatly expose your company. Some may even still have voice mail set up and changed the greeting to something not very nice! Another area of weakness we have discovered is when a user actually has been given the wireless access point password. What this means is they can sit outside in the parking lot, sit on your network backbone and attempt to get into employee accounts especially if passwords and security is not rigorous.
Can we get rid of those old computers? Sure you can, but realize what you can use and what you need to destroy before handing that machine into another party’s hands. What you should keep is usually RAM, especially if you have a lot of the same model machines. There’s not a machine out there that won’t benefit from at least 4GB of RAM and if it’s a 64-bit machine, it can benefit from using even more! It’s also an inexpensive way to stretch that IT dollar on those remaining aging units. On laptops, saving a couple extra power supplies might prevent you having to throw good money after bad should one fail. What you need to destroy is the hard drive as you don’t want ANY company data going with the drive. We use the HAMMER method with a pair of safety goggles – it’s like a sport!
Who has access to what? Ok, this is a bit more of an exercise but reviewing who has access to what makes sense. We would start at the firewall and look at the VPN list and ensure that access is not granted without VPN IPSEC access. We would also look at Access Control Lists (ACL) in the firewall. Additionally, just changing user passwords and wireless and administrator passwords every six months just makes smart business sense to catch those straggling items that are often overlooked. In more sensitive environments, we recommend a quarterly review and changing of the passwords. Here, having a documented password change procedure makes sense.
Are folks surfing on my time and my dime? The short answer is yes, but is it at a point of excess is really the question? The policy should be simply “if someone needs to get a hold of you, they can call”. Other than that, ask folks to respect that work time is not play time. If that policy doesn’t work, you can put in web monitoring and application control, which is available on many firewall platforms that can prevent excessive social media abuse on business time.
These are just a few simple steps to keep you safe, secure, well-protected and productive. As a business, you need Spring to be a time of growth as the vacation times start coming up pretty quick in Summer!
Let us know if we can help you button things up!