Resilient firewalls, DDoS mitigation and multi-factor authentication are the sexy parts of IT, but they can easily be brought down if the small things are ignored. By ‘small’ things I really mean the more mundane tasks linked to good IT security:
- Admin Rights
- SSL Certificates
If your AV is not up-to-date and a network user accidentally clicks on a link, opens an attachment or falls for a phishing scam, it could result in a destructive virus spreading around the network, locking users out of important data or destroying the data.
The time cost to fix these network issues far outweighs the cost of keeping your AV up to date.
Usernames and passwords for core devices should be changed on a regular basis. For the Carphone Warehouse data breach of 2015, hackers were able to gain entry using old valid login details to access core systems via out-of-date WordPress software. The hackers made off with data of over three million customers and 1,000 employees. Carphone were fined £400,000 for this breach.
Operating systems require patching on a regular basis to keep software up to date. This will also help mitigate the vulnerabilities that occur on a regular basis. There are 3 main reasons why systems should be patched:
- Fix a security vulnerability
- Address specific bugs or flaws
- Improve an operating system or application’s general stability
By not doing this you open your network up to hackers who can exploit these weaknesses.
Keeping SSL certificates up to date is more important than you think. SSL certificates protect your sensitive information such as credit card information, usernames and passwords. What happens when you let an SSL certificate expire? Ask Ericsson. On December 6th 2018, Ericsson lets a certificate expire and 32 million people lose cellular service. The cost of an SSL certificate is about £10, the cost of 32 million people losing cellular service, loss of reputation and compensation claims … a lot more than £10!
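One way to stop an expiry date catching you out is to check it on a schedule. The script below is an added example, not part of the original post; the hostnames, dates and the 30-day renewal window are constructed assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed renewal window; set it to your own renewal lead time


def days_left(not_after: str, now: datetime) -> int:
    """Whole days until expiry, given a notAfter string in getpeercert() format."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days  # negative once the certificate has expired


def classify(not_after: str, now: datetime, warn_days: int = WARN_DAYS) -> str:
    left = days_left(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW" if left <= warn_days else "OK"


def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Read notAfter from a live server. The default context verifies the
    certificate, so one that has already expired raises
    ssl.SSLCertVerificationError here; treat that as an alert too."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def audit(inventory: dict, now: datetime) -> list:
    """Return (days_left, name, status) rows, most urgent first."""
    return sorted((days_left(na, now), name, classify(na, now))
                  for name, na in inventory.items())


# Constructed sample inventory (name -> notAfter); not real certificates.
SAMPLE = {
    "shop.example.test": "Jun 15 12:00:00 2024 GMT",
    "vpn.example.test": "May 31 23:59:59 2024 GMT",
    "intranet.example.test": "Mar  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for a repeatable run
    for left, name, status in audit(SAMPLE, fixed_now):
        print(f"{status:8} {left:5d} days  {name}")
```

For live monitoring, replace the sample dictionary with `fetch_not_after()` calls against your own hosts and pass `datetime.now(timezone.utc)` as `now`.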
And finally Testing
Now DDoS Testing and Pen Testing are not really ‘little’ things in the same way the others are, but they are certainly seen as mundane and are often seen as a ‘nice to have’ or even completely neglected.
So while you may have the latest Firewall, DDoS mitigation, security solutions, how do you know it is fit for purpose? Regularly testing these services will make sure they are configured correctly and working as they should do. Don’t wait until you are attacked to find out!
The mundane tasks in IT are not a lot of fun, but it is vital to IT security to make sure these are given the same importance as the more interesting tasks.