Tuesday, June 10, 2014

IT Security Audit

So what does anyone really need to secure your computers?
1.       Operating System Patches
a.       All of the latest service packs, and patches installed. (and the system rebooted) – If it is a Windows system then these will generally be released on the Second Tuesday of the month (Patch Tuesday) You can get advanced notification of this (Search for Microsoft Technical Security Notifications)
b.      A support Operating System – because systems now run for a long time, and because most of us don’t like spending out unless we have to, there are a lot of operating systems out there that aren’t supported.  If they aren’t supported then any security holes are not being plugged
2.       Other Software Patches
a.       Yes other software is patched we tend to think along the Microsoft Office lines here, but a lot of software is updated, to fix bugs as well as security holes. Check these regularly
3.       Anti-Virus Software
a.       Is it up to date, both the software to the latest version and the virus signatures to the latest version
b.      Is it scanning in real time, and also is a full virus scan scheduled
c.       Are all removable media scanned when it is connected (or inserted) to the computer
4.       Backup
a.       Do you backup up all of your data
b.      Is this backup stored off site, and also easily retrievable (Easiest way for this to happen is to use an online backup)
c.       Has your backup been tested recently I would suggest at least once a month
5.       Staff
a.       Are staff trained to make sure they know what to do, and who to report to
                                                               i.      Can they scan removable media
                                                             ii.      Can they scan an email, or attachment
                                                            iii.      Know how to retrieve data from a backup
                                                           iv.      Who to call for help or report an incident to, so the system can be checked clean
6.       Firewall
a.       If you have a firewall, is it configured correctly to only allow the necessary data in and out of your network
7.       Username/Passwords
a.       Are all your passwords
                                                               i.      Complex
                                                             ii.      Changed regularly
                                                            iii.      Old user accounts removed as soon as possible
b.      Hardware password, changed from the default (admin, password, default etc.)

The above is a fairly comprehensive list of items that need to be addressed, but you might have other items that need to be secure. If you need help to complete this you can contact me on 01752 546967 or martin@limbtec.com

No comments: