What should I be doing every month to maintain the security of my company technology?
To maintain the security of your company’s technology, it’s essential to establish a routine and perform some basic IT actions every month. While security management in some large corporations may have dedicated staff and formal procedures, smaller IT departments must maintain their security while keeping the lights on with limited resources.
Here are some tasks your IT department should be doing every month to keep your company safe:
- Update software and firmware: Ensure that all software, firmware, and operating systems are up to date with the latest patches and security updates. Nowadays this should be pretty simple: most desktops should be set to auto-update, and servers are now much simpler to update. Your team should have a set day of the month to apply server patches and equipment upgrades. Pick a day each month and stick with it!
- Review access privileges: Regularly review user accounts and access privileges to ensure that only authorized personnel have access to sensitive data and systems. This doesn’t have to be a large undertaking. Set a calendar reminder each month and spend 10 minutes going through your Active Directory, CRM, Badge Access Control systems or any systems you regularly add and remove users from. Check to make sure any terminated employees are removed and all temporary or contractor logins are correct.
- Conduct vulnerability scans: Scan your network and systems for vulnerabilities that could be exploited by attackers, and prioritize fixes based on risk. You should have automatic monthly vulnerability scans set up to check EVERYTHING in your environment, inside and out. Review these results monthly. If you don’t have monthly vulnerability scanning of your systems set up, give us a call.
- Monitor logs and alerts: Review logs and alerts from security systems, such as firewalls, intrusion detection systems, and antivirus software, to identify and respond to potential security incidents. This is another action that does not have to be a large task. Spend 15 minutes one day a month and review any alerts from your firewall, applications, databases, cloud environments and any other critical systems. Findings don’t have to be resolved right away. Make note of any issues and bring them up at your next security meeting to be tracked and resolved.
- Review data backups: Test backups periodically to ensure they can be restored in case of a data loss event. Review your backup systems and ensure that there have been no failures and that storage space is adequate.
- Train employees: Conduct regular security awareness training for employees, covering topics such as phishing, password management, and data protection. Usually training is done annually, but we highly recommend sending out monthly ‘reminders’ to keep everyone on their toes and thinking about security. Even a simple email or blurb in the company newsletter will help improve your security.
- Review third-party vendors: Assess the security practices of your third-party vendors and partners, and ensure they meet your security requirements. Check for contracts that are about to expire, or access accounts that may need pruning or updating.
- Hold a monthly security meeting: Monthly security meetings are critical to maintaining security and help guide security priorities for IT staff and company objectives. Each month, relevant IT staff, company managers and any other positions involved in maintaining security should meet to discuss the events of the month and cover any risks that were discovered, such as new malware detections or vulnerabilities. Security priorities for the next month should be determined to help keep everyone working together to improve security.
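The monthly access review described above can be partly automated by comparing account exports against the HR roster. The script below is an added example, not part of the original article; the CSV column names, system labels and sample rows are constructed assumptions standing in for whatever your directory, CRM and badge systems actually export.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR roster and a merged export of accounts.
HR_ROSTER = """employee_id,name,status
1001,Ana Ruiz,active
1002,Ben Cole,terminated
1003,Chen Wu,active
"""
ACCOUNTS = """system,login,employee_id,account_type,expires
ActiveDirectory,aruiz,1001,employee,
ActiveDirectory,bcole,1002,employee,
CRM,bcole,1002,employee,
BadgeAccess,cwu,1003,employee,
ActiveDirectory,tmp-audit,,contractor,2024-01-31
CRM,vendor-sync,,contractor,
ActiveDirectory,old-svc,9999,employee,
"""

def review_accounts(roster_csv, accounts_csv, today):
    """Return (system, login, reason) for every account needing attention."""
    status = {r["employee_id"]: r["status"]
              for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        key = (acct["system"], acct["login"])
        if acct["account_type"] == "contractor":
            # Temporary logins need an end date, and it must not have passed.
            if not acct["expires"]:
                findings.append((*key, "contractor account has no expiry date"))
            elif date.fromisoformat(acct["expires"]) < today:
                findings.append((*key, "contractor account past expiry"))
        elif acct["employee_id"] not in status:
            # Nobody on the roster owns this login: an orphaned account.
            findings.append((*key, "no matching HR record"))
        elif status[acct["employee_id"]] != "active":
            findings.append((*key, "owner is terminated"))
    return findings

if __name__ == "__main__":
    for system, login, reason in review_accounts(HR_ROSTER, ACCOUNTS, date(2024, 3, 1)):
        print(f"{system:16} {login:12} {reason}")
```

Bring the resulting list to the monthly security meeting so each flagged account is either disabled or explicitly re-approved.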
By following these monthly tasks, you’ll be better equipped to protect your company’s technology infrastructure and minimize the risk of security breaches. Adsero Security can help your IT Department improve or maintain its information security. We offer a full suite of security services for all company sizes that can help you drive your business forward while staying secure.