Cyber security is a set of tasks and processes used to protect the integrity of networks, systems, software, and data from unauthorized access, attack, theft or damage. It’s probably one of the biggest topics in the technology industry today. This is why Fortech Solutions thinks a security analysis should be planned and conducted regularly.  Below is a series of steps you can take to ensure that all of your systems and data are up to date and protected. If you need some help, or want to know more please feel free to reach out to us for a free quote or consultation.

1. GDPR Compliance

Make sure you are GDPR compliant. General Data Protection Regulations (GDPR) are a list of rules, put into law by the European Union. They were created in 2016, and implemented in 2018. It spans across 28 European countries. Making sure that all companies and organizations are following general data protection regulations is the first most important step to a security analysis.

2. Deactivate

Deactivate old user accounts. This includes accounts belonging to former employees that do not work there anymore. Administrative users and software developers will sometimes come up with test accounts and never delete them. Make sure those are deleted too.

 

3. Review Admin Role Privileges

This isn’t the same as deleting fake or irrelevant accounts altogether. It’s to make sure that current users have the CORRECT access. Should the people that hold all the keys to the Kingdom have all the keys? In most businesses there are various tiers, or levels of access. Only a few employees should have all the keys to the entire kingdom.

4. Security Software Patches

Any security analysis should be scanning to see if all of your software is up to date.This means having all security patches installed. That includes all third party integration components as well, meaning all connected apps within the network.

 

5. Remote Access

Check remote/vpn access and make sure that everyone that has access from outside is eligible. The difference between this and steps 4, and 5 is that those were about kicking people out of the kingdom that shouldn’t be there. This step is all about making sure that nobody from outside can get in.

 

6. Remote/VPN Security

In addition to step 5, make sure there aren’t any software or firmware patches that need to be applied to the remote access system. We are making sure the back doorto the kingdom is locked and there isn’t an crack in the wall. Think of this step as securing this back door even further with a padlock.

 

7. Firewall/Ports

Run an analysis on what ports are open on your firewall and see if they need to be open. Think of each port as a tunnel into the kingdom, a specific access route; Port 587 is incoming email, Port 25 is outgoing email. Specific roads for specific purposes, make sure there aren’t any roads or tunnels you forgot about that are no longer in use.

8. Device/Desktop Access

Make sure that your users are securing their devices when they’re not using them with passwords and that those passwords aren’t being posted anywhere for anyoneto see. Some people will tape their password to their monitor as a reminder to them in case they forget..this is an epic security failure!

9. Facilities

The last step is more of a brick and mortar facilities access review. Make sure facility management is deactivating card keys/physical keys that are no longer needed. Youdon’t need unwanted hostiles or former subjects walking through the front gates!

Conclusion

Our list is pretty general to all systems. Computers, Helpdesk, LMS, Webinar, it would apply to almost any system or SAAS you’re currently running. Doing this analysis and cleaning up unneeded user accounts and data could save your company a lot of money in the long run. So when it comes to the costs we here at Fortech Solutions believe that the benefits outweigh the costs extremely. This is why we fortify our clients’ kingdoms regularly and why you should call or email us for a free quote or consultation to secure your kingdom too!

Leave a Reply

Your email address will not be published.