Spring Cleaning: Don’t Forget Your Technology!

NetgainCybersecurity & Compliance, Financial IT, Healthcare IT

Every year when spring arrives, people celebrate the end of winter and begin to emerge from their hibernation. It is during this season that summer preparations begin. Winter things are packed away, birds start building nests, and the deep greens of nature appear. Spring is a season of refreshing, whether a person, a bird, or nature. Though it is often not something we consider to be a part of spring-cleaning, an important aspect of our lives that needs to freshen up is our computing environment. Here we have provided a list of some critical items to put on your spring cleaning list. Doing so is a fantastic way to help you and your organization remain safe and secure.

  1. Review User Accounts
    When people are hired, many various accounts may be created over the course of the employee’s tenure. Accounts can include email, access to vendors’ websites, administrative access to your organization’s website, and many others. Documenting all accounts that are created when someone is hired will ease the process of ensuring they are disabled upon an employee’s departure. Take time this spring to brainstorm, and review the accounts for employees that may no longer be with you.
  2. Review Firewall Rules
    A firewall is the device in a network that separates your office technology from the Internet. The Internet is full of malicious activity that can pose a serious risk to your organization. As business needs change, the firewall may also need updates to accommodate those changes. For example, if a firewall rule is no longer necessary, the rule should be removed to minimize the attack surface presented to the Internet.
  3. Review Backups
    As crypto malware increases in prevalence and sophistication, having effective backups may be required to restore your data following an attack. Do not merely count on your company’s ability to pay the ransom. Some crypto malware includes errors that make it impossible to decrypt your data even after a ransom is paid.Recovery by using a backup will most likely result in the loss of some data. However, losing some data is significantly better than losing it all permanently.
  4. Review Passwords
    Over time, employee turnover may result in former employees who still have access to corporate resources. Most commonly, this is due to shared passwords that are not changed when the employee leaves Take some time to review any passwords that former employees may have known and change them. Passwords that may be overlooked include:

    • Wireless networks
    • Vendor websites
    • VPNs and other remote connectivity
    • Shared full disk encryption passwords
    • Codes to security doors
    • Location of hidden key
      • Helpful hint: No business should have a hidden key to the office
    • Sensitive documents
    • Any default passwords they may have used
  5. Review Protection Methods
    Nearly every organization uses some antivirus software, and rightfully so. However, malicious software (malware) is improving and better able to find ways to bypass the protection offered by antivirus. In response, some antivirus software has added new features including one called application whitelisting. Spring-cleaning provides the perfect opportunity to implement application whitelisting, if you have not already done so.

Final Thoughts
Our sincere hope is that this list can help your organization improve its security. While spring provides an excellent reminder, conducting these vital system reviews even more frequently will greatly improve your organization’s security posture.