5 Steps to Improve Your Company’s IT Security
October 2, 2017
Featured article by Anton Pozdnyakov, CMO at Softerra
As a business owner, you obviously want to make your IT systems as secure as possible. But even if you invest in expensive and sophisticated cybersecurity software, you can still be vulnerable if your basic IT management is done wrong. In fact, most security breaches are the result of simple mistakes that could easily have been avoided.
Here are five tips to make your IT environment a safer place by just doing the basic things right.
1. Automate User Provisioning and Deprovisioning
Making user onboarding and offboarding procedures fully automated means that you are taking the human factor away from the process. Therefore, you can make sure that all user accounts, including their access rights, licenses and privileges, are always set up correctly. And when users become ex-employees, none of their access rights are left behind.
Automation also allows you to hide technical details from the employees who are directly involved in the user management process. This makes delegation easier and more secure. Provisioning can literally be simplified to a one-step operation for the HR staff or the managers who perform it. So, you can be sure that they won’t mess anything up, no matter how complex the actual procedure is.
2. Initial Password Communication
There are two things you need to solve with initial passwords. First, what the initial password should be. Second, how to communicate the password to the user.
The best approach is to generate a random password every time a new user is created and then automatically send it via email or SMS. This allows you to avoid things like somebody guessing the password or intercepting it along the way. You can even hide the password from the staff who perform user provisioning. Only the new user will know the password and will safely change it at first logon.
3. Control Group Membership
The easiest way for users to elevate their permissions is to add their accounts to groups that grant additional access rights. To stop that from happening, you need to keep control over your group membership. One way to do that is to run scheduled checks that each group has only the members it needs. If someone is in the wrong group, they will be automatically removed.
For the most security-sensitive groups you can also set up approval-based workflows. This way the group membership can only be changed after approval is granted by an authority of the respective level. This can be a member of the IT staff, the manager who is in charge of the group or anybody else that you define.
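The scheduled check and the approval rule described in this section can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the group names, users, approver and the baseline/approval data layout are constructed assumptions. It also goes one step beyond the text by expanding nested groups, since a group placed inside another group grants the same rights indirectly.

```python
# Constructed sample data; all group, user and approver names are hypothetical.
DIRECTORY = {  # group -> direct members (user accounts or nested groups)
    "Domain Admins": {"alice", "Helpdesk"},  # nesting grants admin to all of Helpdesk
    "Helpdesk": {"bob", "carol"},
    "Finance": {"dave", "erin"},
}
BASELINE = {  # the members each group is supposed to have
    "Domain Admins": {"alice"},
    "Helpdesk": {"bob", "carol"},
    "Finance": {"dave"},
}
APPROVALS = {("Finance", "erin"): "finance-manager"}  # (group, member) -> approver


def effective_members(group, directory, _seen=None):
    """Expand nested groups into user accounts; tolerate circular nesting."""
    seen = set() if _seen is None else _seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for member in directory.get(group, ()):
        if member in directory:  # member is itself a group: recurse into it
            users |= effective_members(member, directory, seen)
        else:
            users.add(member)
    return users


def scheduled_check(directory, baseline, approvals):
    """Return (removals, cleaned): members outside the baseline with no approval are removed."""
    removals = []
    cleaned = {group: set(members) for group, members in directory.items()}
    for group in sorted(directory):
        extra = directory[group] - baseline.get(group, set())
        for member in sorted(extra):
            if (group, member) not in approvals:
                cleaned[group].discard(member)
                removals.append((group, member))
    return removals, cleaned


if __name__ == "__main__":
    removals, cleaned = scheduled_check(DIRECTORY, BASELINE, APPROVALS)
    for group, member in removals:
        print(f"removed {member!r} from {group!r}: not in baseline, no approval")
    for group in cleaned:
        print(group, "->", sorted(effective_members(group, cleaned)))
```

In the sample data the check removes the nested Helpdesk group from Domain Admins, which takes two users out of the effective admin set, while the approved Finance addition is left in place.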
4. Approval-Based Workflow
Speaking of approvals, they do not apply only to group membership management. Such an approach can be useful in all sorts of IT-related tasks.
With approvals up your sleeve, any operation that needs to be delegated without sacrificing control can be safely passed to lower-level personnel. The time-consuming part can be delegated, whereas the operation won’t be executed until approval is granted. This can be applied to operations like updating certain security-sensitive accounts, granting additional permissions, removing users from the system, etc.
5. Educate Your Users
Whatever you do with your IT systems, your users will remain the most vulnerable part. And the chain is only as strong as its weakest link. Therefore, it’s extremely important to keep your users educated. Explain the threats and make sure they understand why best practices work. If the users don’t understand why security-related inconveniences are there, they will find a way to avoid them.
If you do the education part well, you can at least hope that they would stop writing logins and passwords on sticky notes by their monitors and do other stupid things like that. This alone can be a big deal.
Conclusion
Protecting your company from most everyday threats isn’t that hard. If you can make sure that all the processes in your IT environment run the way they are supposed to be run, that’s a huge part of success.
As always, the weakest link in any security system is the users. So, the more you take the human factor away from your workflows, the more efficient and secure they will be. In places where users can’t be excluded from the process, make sure you educate them. Only when you do all the basic things right can you move on to more complex and expensive security solutions.
Anton Pozdnyakov is CMO at Softerra. Softerra provides Adaxes, a management and automation solution for Active Directory, Exchange and Office 365 environments. It allows organizations of all sizes to reduce the workload on IT departments, minimize wasted time, increase security and much more.