Nine ways to boost IT security during the summer holidays

27 Nov 2019

Article by Attivo Networks A/NZ regional director Jim Cooks

A long, hot summer is a popular time to get away from the office for a well-earned break, but it’s also a great opportunity to review your cybersecurity strategy.

With fewer users to manage, IT teams will likely have more capacity to carry out tasks that might have been overlooked during the busy business year.

Systems and networks can be checked and preparations made for when the pace picks up again later in January.

For those IT security experts who didn’t get their holiday request form in early enough and are part of the remaining skeleton staff, nine things to add to your festive to-do list are:

  1. Check patches: Most attacks make use of some form of vulnerability that is already known and for which a software patch has been released. Check to ensure all devices on your network have received the latest patches and complete updates where required.
     
  2. Remove access rights: You might have signed their farewell card and attended the drinks party, but have you removed that former employee from your IT infrastructure? Ex-staffers may still be able to remotely access data and applications even though they’re no longer part of the organisation. Check your directories and ensure their credentials have been deleted.
     
  3. Review access privileges: Sometimes staff need additional network access privileges as part of special projects, and these can often remain in place far longer than is needed. Review the privilege levels for all staff and ensure they are set to the minimum required to get their jobs done.
     
  4. Automate processes: For IT teams, there are never enough hours in the day to get everything done. During this quieter time of the year, spend time looking for tasks and processes that can be automated. Examine the tools already in place and ensure you are using all the available automation functionality. When in doubt, check with your technology vendors for their latest integrations.
     
  5. Check cloud security: Cloud platforms make it very easy to spin up resources to support projects and new initiatives. However, attackers regularly take advantage of these resources when they have been misconfigured or left open. Review all projects that have used cloud platforms during the year and ensure they have been closed off or deleted when no longer required.
     
  6. Review passwords: Passwords should be changed regularly, so enforce an organisation-wide change for the new year. Also consider deploying two-factor authentication to increase security even further. This is also a good time for some golden ticket mitigation, removing persistent access and password histories.
     
  7. Check endpoint devices: Company-provided devices are likely to be effectively managed, but what about the BYOD equipment being connected to the network? Review all the devices being used by staff and ensure all required security and VPN software is installed and in use.
     
  8. Check firewall rules: Sometimes firewalls are configured to allow specific traffic to access specific resources to support a short-term project. Review all firewall rules to ensure that any that are no longer required are disabled or removed. This is especially important if access has been given to external suppliers or consultants who may no longer be working for the organisation.
     
  9. Improve in-network detection: The quieter holiday period is a great time to deploy a security deception fabric across your organisation’s infrastructure for early and accurate detection of network intruders. The technique works by using traps and lures within the network that attract an attacker into engaging with a decoy server. This, in turn, alerts the IT team to the presence of the attacker in the network so steps can be taken to remove them and prevent an attack. There are also some interesting deception-based visibility tools, based on the technology’s use of machine learning, that will help show exposed attack paths and network device additions.
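
The checks in items 2 and 3, written as an added example (not from the article or from Attivo Networks): it compares a directory export with an HR leavers list and flags enabled accounts of former staff and privileged group memberships that have outlived their grant. The CSV layout, account names and privileged group names are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: a directory export and an HR leavers list.
DIRECTORY_CSV = """username,enabled,groups,privilege_expires
asmith,true,staff,
bjones,true,staff;vpn-users,
cnguyen,true,staff;db-admins,2019-10-31
dlee,false,staff,
epatel,true,staff;domain-admins,2020-03-31
"""

LEAVERS_CSV = """username,last_day
bjones,2019-11-15
dlee,2019-09-30
"""

PRIVILEGED_GROUPS = {"db-admins", "domain-admins"}  # assumed group names


def audit_accounts(directory_csv, leavers_csv, today):
    """Return (leaver_findings, privilege_findings) as sorted lists."""
    leavers = {row["username"]: date.fromisoformat(row["last_day"])
               for row in csv.DictReader(io.StringIO(leavers_csv))}
    leaver_findings, privilege_findings = [], []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        user = row["username"]
        enabled = row["enabled"].strip().lower() == "true"
        groups = set(filter(None, row["groups"].split(";")))
        # Item 2: account still enabled after the person's last day.
        if enabled and user in leavers and leavers[user] < today:
            leaver_findings.append(user)
        # Item 3: privileged membership with no expiry or a past expiry.
        held = groups & PRIVILEGED_GROUPS
        if enabled and held:
            expires = row["privilege_expires"].strip()
            if not expires:
                privilege_findings.append((user, sorted(held), "no expiry recorded"))
            elif date.fromisoformat(expires) < today:
                privilege_findings.append((user, sorted(held), "expired " + expires))
    return sorted(leaver_findings), sorted(privilege_findings)

if __name__ == "__main__":
    stale, over_privileged = audit_accounts(DIRECTORY_CSV, LEAVERS_CSV, date(2019, 12, 20))
    print("Enabled accounts of former staff:", stale)
    for user, groups, reason in over_privileged:
        print(f"Review {user}: {groups} ({reason})")
```

Recording an expiry date when a temporary privilege is granted is what makes the second check possible; memberships with no recorded expiry are reported for manual review.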

By taking these steps during the quieter summer months, IT teams reduce risk and prepare for the year ahead.

It might not be as enticing as eating ice cream on a beach, but the value it will deliver to your organisation will be evident long after the summer sun has faded.