PxPixel
Leap Year 2016: How IT pros can use the extra day to getting ahead in business security - PC Retail

Leap Year 2016: How IT pros can use the extra day to getting ahead in business security

SolarWinds discusses why the year’s extra day is the perfect opportunity for carrying out internal security tests
Author:
Publish date:
1-leon-adato-web.jpg

Leon Adato, ‘head geek’ at SolarWinds, offers up his top business security tips for February 29th.

it’s the Year of the Monkey, the Summer Olympic Games, and it has gifted us with one more Monday at the end of February. Although this may encourage grumbles and groans, it can also be a blessing in disguise, if you use it wisely.

As an IT professional, using the extra day wisely could be the gift that keeps on giving by preparing you for a less stressful rest of the year.

If you do just one thing on your extra day, use it to test your internal security. Every hour you spend testing and verifying security on average can save you eight hours at a later date. Spend the time to check your security settings on your firewalls, and your alerting systems, and the security-related aspects of your network monitoring tools in order to catch an attack or a vulnerability which you may not have found in the normal rush and bustle of business.

It should go without saying (but we’re going to say it anyway) that if you don’t have tools for these things, you should be using this time to evaluate and select them so you can get them in the door as soon as possible.

You can also make your extra Monday count (and help make the rest of your Mondays suck a little less) by implementing the below tips and tricks.

Review your access control List
As employees have a growing number of devices connecting to the network, it is important to regularly review the device access information for your network. Rather than continue to put it off until “I have time”, use this day to gain an overview of what devices are connected to the network, where they are connecting from, and what user accounts they are associated with. Strange device types, connection sources, or times of access should be an immediate red flag. Take into account employee life-cycles as well. If an employee has recently left the company or changed departments, their devices may still be connected to information which is no longer necessary.

Using those extra precious hours to review this list can save you against malicious attacks to your network as well as help to reduce the chance of a slow, over-loaded network.

Implement an automation tool
There is no one way to get around the increasing complexity of the IT infrastructure, however, implementing the right tools can help you simplify the day-to-day IT management. By now, most companies understand why a monitoring solution is a good idea. But making sure that you implement not just the monitoring, but any capabilities for automatic response (clearing temp directories when the disk is getting full, recycling the application pool with the web server is sluggish, restarting services when they stop unexpectedly, etc.) should be leveraged to their utmost. It is far more efficient and effective to have a computer fix a problem when the computer sees it at three in the morning than waking up a human to do the job. Especially if you are that human.

As your infrastructure grows, you will save a lot of time in the long run by investing in these tools as they can help provide necessary performance information, which can enable simple issue remediation and prevent mistakes from happening – something which may not be humanly possible.

Update your firewalls
Regardless of the network size, firewalls can accumulate an ever-growing list of conflicting and redundant rules and objects, which can cause mayhem in firewall management. You can use the extra time to run automated scripts or leverage a firewall management tool to help with the clean-up process by identifying conflicting rules, removing redundancies, and generally streamlining the ACL structure.

By not paying heed to firewall security management, you may as well welcome network threats into the organisation as it is the gateway in and out of the secure enterprise network, so it is certainly worthwhile putting it to the top priority once again.

Take back some ‘me time’
The life of an IT professional can be stressful, demanding and draining even at the best of times, so instead of allowing Monday February 29 to look and feel like any other Monday on the calendar, you may want to use this extra day to kick back and reclaim your ‘me time’. Make it a “no meeting Monday” in order to reduce the noise, and gather your thoughts.

By keeping in mind the wider impact of IT, IT professionals can better identify the potential pain points and areas throughout the entire company, helping to minimise the everyday issues. Maybe this is the time to reassess the way you work as an IT team and think about your priorities, and how you might streamline processes amongst your co-workers to ensure the time of the IT professional is time well spent.

Whatever you decide to do with your extra day, this chance only comes around every four years, so don’t treat it like the rest. Whether it is through tightening your internal security, checking your firewalls, or simply taking a step back and thinking about the bigger picture – be sure not to waste it.

Leon Adato is ‘head geek’ at SolarWinds
www.solarwinds.com

Related