Spring cleaning? Don't forget about your technology!

634084-POB6S2-217It’s finally Spring here in the Northeast, which means it’s time to get cleaning! Usually, we think of Spring cleaning as taking part in household chores, but there’s another place most IT professionals overlook that needs some attention; That’s right, your technology!

Sweep Out Unauthorized Applications 

Start by taking an inventory of your applications. Apply application white listing in your organization and continuously monitor to ensure that only authorized software will be allowed to run. This will give you a first-hand look at what’s going on in your environment. Also, it is a good idea to update your operating systems, firmware, and run a quick back up. 

Dust Off Old Admin Privileges 

Watch for accounts that no one has logged into in months. These are called zombie accounts. Revoke the rights of those people who do not need them. When more people have access to company data it creates a bigger security risk. Administrator privileges should be audited frequently in order to keep up with transparency and security.

Another place people forget to audit is their Active Directory. AD accounts are disabled but they are still hanging around, which can be a backdoor that leaves your network vulnerable.

Take Old Emails to the Trash

Email is the number one vehicle for phishing attacks, along with malware and ransomware attacks. Unethical hackers are using complex techniques to send very credible emails, getting even the most trained and sophisticated users to click on links and attachments. See if you can spot the difference in this Google quiz. Educate your employees; Help them understand how to spot an advanced phishing attack and prevent future breaches. Here are a few signs to look out for based on Google's best practice recommendations:

  • Urgent action required
  • Poor spelling and grammar
  • Something doesn’t look right about the message
  • Mismatched URL
  • URL contains the misleading domain name
  • The message asks for personal login information

Spit Shine Your Password Management 

Using a different password for each online account seems challenging for most people. Remembering which password you used for which account can be nearly impossible. Make your life easier by using a password manager. Password managers generate secure unique random passwords by using a combination of letters, numbers, special characters, and passphrases. Think about storing them all in an encrypted vault. Since online, or cloud-based password vaults aren’t always 100% secure, use an offline, or on-prem password manager that has multi-layer encryption.

Wet Mop with Multi-factor Authentication

Using secure multi-factor authentication is currently the best and most secure way to add an extra layer of security to your online accounts for services like Google, Twitter, Dropbox, and many others. Usually, it involves sending an SMS text code to your smartphone along with your password. You can also generate an individual code with your smartphone by using apps like Google Authenticator. Another option is to use something you have, like a special YubiKey, email address or something you are by using biometric data from Voice or geo-location.

Once you’ve completed this list, sit back and enjoy an improved and more secure environment (while you avoid your real spring cleaning)! 

Tags: 2FA, email, encryption, IT Security, MFA, Multi-Factor Authentication, multilayer authentication, On-premise, Password, password strength, Saas vs On-premise, account management, Active Directory, data security, OTP Authentication, password alternatives, password encryption, Password Management, password manager, password quality, Password Security, #phishing, secure authentication, transparent authentication, Two-Factor Authentication, web applications, secure login, Google Authenticator, OTP Methods, hackers, passphrase, secure passwords, breaches, IT Department, security risk, HOTP, Ransomware, unlocking accounts, ransomware attacks, IT Professionals, IT Management, maintain security privacy, secure integration, secure acounts, software, administrator, management solution, operating systems, malware, unauthorized applications, firmware, Admin Privileges, zombie accounts, multilayer encryption

Eric Jeffers

Author: Eric Jeffers