March is upon us as we continue with our roadmap to securing your infrastructure. Hopefully, February’s posts reignited your passion for security. This month, we’ll discuss some topics that are typically overlooked or taken for granted. We often wear many hats in our jobs and tend to get busy, but we must stay vigilant in our efforts.
In the information security industry, one thing we cannot do is become stagnant. The minute we let our guard down or say, “Someone else will take care of that,” is the moment we relinquish control to those we have so diligently defended against.
The security mindset
One of our goals for these weekly posts is to keep you, the reader, in the security mindset. We deal with troubles day in and day out and get run down. However, most of us get excited when there’s something new and intriguing, so I’m hoping to intrigue you throughout this roadmap and help you stay active in your efforts.
This month, we’ll be covering the following topics:
- Data Backups
- User Accounts
- Network Awareness
Importance of data backups
Believe it or not, backups are one of the most important pieces of security. You may not think backups and security are related, but they most definitely are. I consider myself a “security realist,” meaning I have accepted that security cannot always come first and “bad things” will happen. The Boy Scouts’ motto — “be prepared” — is one of the most important life lessons to carry over to the security industry. Data backups are a large part of being prepared!
As we continue through this month’s topics, we’ll take a look at user accounts on our systems. User accounts? Yes, user accounts. Are all of your user accounts necessary? Are they actively being used? Are you using a naming convention? These are all questions we’ll discuss regarding user accounts.
Network awareness of rogue devices
Lastly, we’ll cover network awareness, which is knowing when a new device is connected to your network. CIS (Center for Internet Security) releases a “Top 20 Security Controls” list every year. Knowing what’s on your network is always No. 1 or 2 on that list. Can you honestly say that if someone plugs a new device into your network, or joins it to your wireless, you’ll know about it? You should! We’ll discuss how to make this happen, and I’ll even show you how to accomplish this in a video.
If this is your first time reading this blog post series, please take the time to go back and read previous posts as it can only help! We’ve talked about security awareness training, vulnerability scans, and patching. For those of you continuing along this roadmap with us, please post your thoughts — I’d love to hear them. See you next week!