Companies are protecting themselves from high-profile threats such as malware attacks, but leaving themselves vulnerable to a variety of other issues, according to Network Box.
Organizations should pay closer heed to the applications used within the business. Increasing numbers of applications, including web-based applications, are used by businesses. This has led to a greater number of SQL injection attacks and vulnerabilities in social or rogue applications that are often inherently insecure, as they are not built with business purposes in mind.
IT managers should review the number of applications used across the business regularly, and test them for vulnerabilities, failures and correct use by employees. The advisory gives IT managers a checklist of applications and processes to monitor, covering security processes, productivity, connectivity, configuration, hard disk error monitoring, CPU temperatures, motherboard cooling, and network errors.
It also gives practical advice to IT managers, including:
Monitor your users and review the applications they use as part of the ISO9001 process or about once a quarter. Set clear user guidelines and policies covering which applications can and which can’t be used within the business, and how, and enforce that policy.
Test for vulnerabilities in applications. You can use automated systems, such as securityspace.com that does perimeter tests for you.
Ensure that you have a way of checking if operating systems and applications have been patched. Secunia.com provides a free service that allows you to run a test and find out what is not up to date
Monitoring security systems
Always consider what security systems you need, how you are going to monitor security, and what needs to be monitored, when you put it in place
Monitoring hardware – warning systems
Agree at what point a warning becomes critical and implement a warning system that you can monitor effectively. For example, you might chose to receive a warning if the CPU temperature on a piece of hardware reaches 40, but a “critical’ alert when it reaches 60, depending on the hardware in question.
Ensure there is a system in place to alert you to warnings: by email, screen or sound, or all three. If you are monitoring a large number of devices consider the server load. Monitoring can become quite processor intensive if mishandled or misconfigured.