GFI Software released guidelines for businesses ahead of the end-of-year holiday period, traditionally a time when many office-based businesses close for the festive season, leaving IT departments unmanned and key IT systems at heightened risk of hacking and denial-of-service attacks, malware infections and unauthorized access.
This year brings the added challenge of end-user devices being used to remotely access company resources, in particular email, following a surge in sales of iOS, Android and Windows 8-based tablets and smartphones. An unprecedented number of users will remotely access company resources for the first time – with varying levels of knowledge and care – using devices with varying levels of security in place to protect the user, the data and the connection into the network.
“The holiday season traditionally poses a big challenge for organizations of all sizes, as the need to monitor and maintain IT systems has to be balanced against the need for staff to take time off,” said Phil Bousfield, GM Infrastructure, at GFI Software. “However, IT staff face additional challenges, as not only do they need to consider the reoccurring threat of networks and systems being targeted during the quiet holiday period, but also the risk posed by employee devices being used for remote access.”
Combined with the added risk of external network intrusion, malware infections and natural disasters, such as power outages, burst pipes and burglary, the risks are higher than ever if not adequately addressed ahead of time.
GFI Software recommends the following precautions to ensure that networks and servers are as robust as possible in the face of heightened security threats over the holiday period:
Remove redundant user accounts: It is imperative that system and application user accounts belonging to former employees, or belonging to current employees no longer needing them, are purged. Dormant user accounts – known as Ghost Accounts – pose one of the biggest risks of unauthorized access and increase the number of entry points for an opportunistic hacker.
Shut down unnecessary open ports: Check routers and gateway appliances to make sure that only the most critical network ports are open. Closing unused ports greatly reduces the risk of intrusion, as well as helping to interfere with malware, spyware and other malicious code trying to communicate under the radar of port monitoring software.
Patch all software: Before shutting down for the break, make sure that all operating system and key application patches have been applied. A dedicated patch management solution will automate the process of both finding and deploying patches to all machines on the network, reducing the workload of IT staff throughout the year as well as the risk of operating system and application vulnerabilities being exploited.
Update antivirus software: Ensure that both the antivirus application and the definition files on all servers and other critical equipment are up to date. While systems are being left unattended, it is imperative that malware defenses are as robust as possible to prevent accidental or intended infection of key systems, such as mail servers.
If you don’t need it – switch it off: Non-essential systems should be shut down while the business is closed. This will reduce the risk of unnoticed equipment failure and prevent non-critical systems from being compromised and used to access critical systems and storage silos.
Refresh the IT policy: If your organization doesn’t already have a policy regarding BYOD – set one. The same applies regarding the required security levels of any device used to connect to company resources either remotely or within the building. An unsecured tablet is a potential threat to data security and compliance.