IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

The best way for IT pros to save themselves time

Mon 14 Mar 2016
FYI, this story is more than a year old

In the last few years the job of the IT pro has expanded to new heights. As new innovations from storage to data privacy are created, IT pros are constantly having to add to their skillsets to keep up with the pace of today’s evolving technology landscape. For many IT pros it has heavily impacted their workload however it has also given IT pros a great opportunity to learn and develop. While nobody knows the value of time more than an IT pro, one of the most efficient ways to lighten the workload is to invest in educating employees about IT security. 

This is largely due to the impact that the actions of uneducated employees have on the IT pro’s day. Every inadvertent or ill-advised click leads to IT pros having to spend time fixing the problem, or patching after a hacker gains access to the network due to an employee’s poor password protection. So why not try to eliminate this and save some time?

Educating employees on effective cyber-security procedures and basic steps on how to take care of IT equipment, as well as implementing software that can pre-empt mistakes made by employees, will ultimately save the IT department time. Investing in education employees about IT security could help you put more time back into your day and there are many ways this can be done.

Employees go rogue  BYOD is now widely implemented across most organisations, but from an IT pro perspective employees using personal devices for work has caused nothing but hassle. Something as simple as an employee losing a personal laptop which happens to have VPN access; or having an employee’s smartphone stolen out of a bag when it is tied into the corporate mail system can lead to vast amounts of corporate data being stolen. This could be catastrophic if data is leaked or worse, compromised. The most efficient way to overcome this is to block unauthorised devices from accessing the network by creating a policy that allows the team to track and monitor devices, switches and ports. To ensure maximum security, develop a ‘whitelist’ of all the devices which are allowed to infiltrate the network and set up notifications if a device attempts to access the network that is not on that list. Then educate employees on the importance of quickly notifying IT when a device is misplaced or stolen so that access can be promptly revoked.

The impact of poor network configuration The growing workload of the IT pro can be noticed in the rising number of poor networking configuration, often occurring due to it being carried out too quickly by time-stretched IT pros. Insufficient network configuration is problematic as it can lead to employees making unofficial and inaccurate network changes which takes a lot of time for IT pros to change back. However, a way to combat this would be to automate the network configuration process so the procedure could be carried out much more efficiently. Such a tool can be used to perform scheduled network configuration backups, bulk change deployment for thousands of devices all with minimal input from the IT pro, freeing up valuable time. As well as limiting the concern over employees making changes to the network, these tools can also catch configuration errors and automatically notify the administrator of any compliance issues.   Train up the team It’s easy for IT pros to assume everyone has a good understanding of IT security and the associated technology, but the reality is many don’t - especially in a work environment where it is common for up to three generations who all grew up with different levels of technology exposure to all work together. Therefore, IT pros need to remember that though it might be obvious to check the source of an email before clicking a link and foolish to use ‘password123,’ to others they wouldn’t think twice.   To combat this, the general workforce needs to have a better understanding of the dangers associated with everyday mistakes such as using unsecure cloud storage services, having weak passwords, accessing unsafe websites or copying sensitive data to personal devices.   It seems simple, but the best way to mitigate the risk of human error is to make staff aware of the impact their actions can have and put security at the heart of their responsibilities. For example, it’s human nature to lock the office door if you’re the last one to leave to prevent burglaries. But remembering, or even thinking about, the security risks of accessing sensitive data via public Wi-Fi does not come so naturally. Therefore, employees need to be made aware that by doing so they are making the organisation vulnerable in the same way they would if they didn’t lock up the office.   When the network is compromised by a hacker accessing corporate data through an employee’s device it’s up to the IT pro to find out what has been taken and patch the vulnerability which can take a great deal of time. However, we’d see less errors if employees were aware of the dangers.

A way to start this initiative is to join forces between IT and HR departments to work closely together on an ongoing basis to develop workshops to implement this human-centric approach to data security. Ensuring training is thorough but easy to understand is key to its success. Additional buy-in from senior management is also required to allow employees to take the time out of their days to attend such sessions. Of course it’s still always better to be on the safe side and reduce risk by implementing a combination of employee education and technical controls such as limiting user permission.     Password security  Instigating security workshops will help employees learn about security breaches, their potential impact on the business, and understand how they can prevent them in a relevant and engaging way.

Often the excuse for having a weak password is because they won’t remember a difficult one. So inform employees that these complicated passwords don’t need to be 66 uppercase letters interwoven with seven roman numerals and a range of symbols. Instead, set a fun challenge of coming up with four random words and joining them up, and creating an image in your head to remember them all. For example, take these completely unrelated words ‘flag, castle, dog and pizza.’ On the surface these are four completely random words which would be difficult to remember but if you painted a picture in your mind of a dog eating a pizza in a castle with a flag, it will be much easier to remember. And remarkably, such a scheme of for separate words (with spaces) is HARDER to crack than using the usual scheme of one or two words with numeric replacements, such as “d0gp1zz4”.

Ensuring a consistent education policy like this is implemented will help to mitigate the level of damage employees can do as they become more aware of the consequences of their actions, thus freeing up valuable time that IT pros should claim back.

Article by Leon Adato, Head Geek at SolarWinds

Related stories
Top stories
Story image
Managed service provider
Barracuda MSP Day 2022 highlights MSP opportunities
Barracuda Networks has released a report showing global services-related MSP revenue is set to increase by more than a third in 2022 compared to 2021.
Story image
Sysdig unveils new Kubernetes troubleshooting and cloud innovations
Sysdig has introduced two new innovations that look to help bolster cloud services and simplify Kubernetes troubleshooting.
Story image
Aligned Data Centers increases sustainability-linked loan
Aligned Data Centers has increased its sustainability-linked loan from $375 million to $1.75 billion to speed up the next phase of its strategic growth.
Story image
GapMaps Live to improve brand decisions on physical locations
GapMaps has released its latest service GapMaps Live, giving more insights and features to help brands make better decisions about physical locations.
Story image
Data Protection
Barracuda launches new capabilities for API Protection
"Every business needs this type of critical protection against API vulnerabilities and automated bot attacks," Barracuda says.
Story image
New Relic
New Relic launches vulnerability management platform
New Relic has introduced New Relic Vulnerability Management to help organisations find and address security risks faster and with greater precision.
Story image
Fastly acquires Glitch, enables faster developer innovation
"This acquisition brings together two of the worlds best ecosystems for application development into a single, seamless developer experience."
Story image
Tech job moves - Forcepoint, Malwarebytes, SolarWinds & VMware
We round up all job appointments from May 13-20, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Vectra AI
Understanding the weight on security leader’s shoulders, and how to shift it
Millions of dollars of government funding and internal budgets are being funnelled into cybersecurity to build resilience against sophisticated threats, indicating how serious this issue has become.
Story image
Cloud Security
Aqua Security createa unified scanner for cloud native security
“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security."
Story image
Let’s clear the cloud visibility haze with app awareness
Increasingly, organisations are heading for the cloud, initiating new born-in-the-cloud architectures and migrating existing applications via ‘lift and shift’ or refactoring.
Story image
Comcast to use ThreatQuotient for cybersecurity operations
Comcast, the parent company of NBC Universal and SKY Group, has chosen ThreatQ Platform and ThreatQ Investigations to meet their cybersecurity needs.
Story image
Manhattan Associates
Shortening the click-to-customer cycle through smart technologies
Speed of delivery without accuracy is a dealbreaker for consumers. How can retailers operating in an omnichannel environment overcome the challenge of click-to-customer cycle times.
Story image
Equinix announces milestones on sustainability commitments
Equinix has released its 2021 Sustainability Report which outlines progress, innovation and accomplishments on key ESG commitments.
Story image
Digital Marketing
Similarweb acquires SEO and rank tracking company Rank Ranger
Digital intelligence company Similarweb, which specialises in analysing web traffic, has acquired Rank Ranger, a market leader in SEO and rank tracking.
Story image
Cyber attacks
Devastating cyber attacks expected to hit energy sector
Energy executives anticipate life, property, and environment-compromising cyber attacks on the sector within the next two years.
Story image
Customer experience
Gartner recognises Okta for abilities in Access Management
Okta has announced it has been recognised as a Customers' Choice for the fourth time in a row in the Gartner Peer Insights "Voice of the Customer" report.
Story image
Rubrik Security Cloud marks 'next frontier' in cybersecurity
"The next frontier in cybersecurity pairs the investments in infrastructure security with data security giving companies security from the point of data."
Story image
Nutanix study reveals financial services sector lagging with multicloud adoption
Nutanix has released new research that reveals the financial services sector is lagging behind when it comes to multicloud adoption.
Story image
SPS network now available to CrescoData eCommerce customers
CrescoData, a Pitney Bowes Company and PaaS business in the commerce space, says its customers can now connect to the SPS Commerce Retail Network.
Story image
Vectra AI
Vectra’s inaugural Partner of the Year Awards revealed
APAC companies Baidam, Firmus, ShellSoft and Macnica have been recognised in Vectra AI's inaugural Partner of the Year Awards.
Story image
Digital Signage
MAXHUB's Digital Signage range to bolster boardroom productivity
The new MAXHUB Digital Signage technology is purpose-built to make every kind of team meeting more effective.
Story image
New Relic enters multi-year partnership with Microsoft Azure
New Relic has announced a strategic partnership with Microsoft to help enterprises accelerate cloud migration and multi-cloud initiatives. 
Story image
Digital Marketing
Getty Images delves into the world of NFTs with Candy Digital
Getty Images and Candy Digital, the next-generation digital collectible company, have announced a new multi-year partnership agreement.
Story image
Trojan cyber attacks hitting SMBs harder than ever - Kaspersky
In 2022 the number of Trojan-PSW detections increased by almost a quarter compared to the same period in 2021 to reach 4,003,323.
Story image
Digital Transformation
Pluralsight and Ingram Micro Cloud team up on cloud initiative
Pluralsight has teamed with Ingram Micro Cloud to build upon cloud competence and maturity internally, and externally support partners’ capabilities.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Story image
Qualys updates Cloud Platform solution with rapid remediation
The new update is designed to enable organisations to fix asset misconfigurations, patch OS and third-party applications, and deploy custom software.
Story image
Maintaining secure systems with expectations of flexible work
Most office workers feel they've proved they can work successfully from home, and as much as employers try, things aren't going back to the way they were anytime soon.
Story image
Women in Technology
Huawei webinar emphasises the importance of women in tech
Industry findings by Coursera discussed as part of a webinar jointly organised by Huawei and Reuters Events found 6% more women enrolled in tech courses this year than in 2021.
Threat actors are exploiting weaknesses in interconnected IT/OT ecosystems. Darktrace illuminates your entire business and takes targeted action to stop emerging attacks.
Link image
Story image
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Booster Innovation Fund. A fund of Kiwi ingenuity – for Kiwi investors.
Link image
Story image
A10 Networks finds over 15 million DDoS weapons in 2021
A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Story image
Alteryx releases updates, empowers data insights for enterprise
Alteryx has released new advancements designed to aid enterprises with cloud analytics, democratise insights and ensure data governance.
Story image
Cybersecurity prompts upgrade for 1.3 billion electricity meters
ABI Research finds Advanced Metering Infrastructure (AMI) and cybersecurity concerns are prompting the upgrade of 1.3 billion electricity meters by 2027.
Story image
Multi Cloud
Red Hat updates dev tools, empowers use of hybrid and multicloud
Red Hat has unveiled updates across its portfolio of developer tools, designed to help organisations build and deliver applications faster.
Story image
Silver Peak
The path to an adaptive, modern network
Managing and securing the network looks different than it did just two years ago—especially given that most of these networks are made up of multi-generations of infrastructure stitched together over time.
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Vodafone NZ buys remaining stake in retail joint venture
Vodafone New Zealand has purchased the remaining 50% stake in the specialist joint venture (JV) with private equity company Millennium Corp.
Story image
New vulnerabilities found in Nuspire’s Q1 2022 Threat Report
“Threat actors are quickly adjusting their tactics and these exploits tend to get industry attention, but the threat posed by older and attacks still persists."
Story image
i-PRO releases smallest AI-based surveillance camera on the market
The new i-PRO mini network camera is now available, with a pocket-sized form factor and full AI analytics functionality.
Story image
Supply chain
Jetstack promotes better security with supply chain toolkit
The web-based resource is designed to help organisations evaluate and plan the crucial steps they need to establish effective software supply chain security.
Story image
Amazon Web Services / AWS
RedShield leverages AWS to scale cybersecurity services
"Working with AWS gives RedShield the ability to mitigate significant application layer DDoS attacks, helping leaders adopt best practices and security architectures."