This post was written by Uptime Preservationist Don Spidell. View Don’s profile on Nxtbook Media’s System Administration Team Page.
IT security. It’s not a popular topic of conversation at parties. It isn’t fun and it isn’t sexy so it doesn’t get the proper level of attention it deserves. It often goes ignored in many companies until there is a security incident. Then, it’s suddenly at the forefront of everyone’s mind.
Hacking into corporate networks and breaching electronic safeguards may have started out as a fun game for bored teenagers in the mid 90s, but it has become big business these days. Credit card numbers, medical information, identities, and even Facebook profiles are worth a lot on the black market. They’re worth enough to safely say that a breach of your IT security is not a question of if, but when. It will happen. What are you going to do about it? It’s easy to discount the threat of cyber criminals by rationalizing that your company doesn’t have anything worth stealing, but with so much information stored electronically, there’s plenty that’s valuable to somebody.
So how can a company protect itself in today’s climate? There is certainly no silver bullet or magic firewall that will offer the best protection, but rather a combination of policy, technology, and a vigilant IT staff. IT security is equal parts technical and non-technical. Part of what the Nxtbook Media IT department does is to make sure that IT security is regularly maintained, reviewed, and updated. We spend time applying security and bug fix patches to our fleet of servers, reading and responding to security bulletins on a wide variety of topics, and scanning our own systems for weak spots. One of our largest IT vendors and partners, Amazon Web Services, lets us know when they detect a possible security risk with our cloud infrastructure so that we can evaluate it and respond. We also review and update incident response plans, recovery plans, and security policies. We build the very best lines of defense we can, but we also set up logging and monitoring so that if someone gets in we know how they got in, who is getting in, what they did, and how far they got. This approach helps the assessment and response phases better than just setting up a big firewall, calling it good, and hoping for the best.
Does all of this sound tedious? Perhaps. Especially for someone who wasn’t properly trained for it. But it’s a whole lot better than fielding angry phone calls from company executives, clients, and stakeholders after a security breach and having them ask how we could let this happen or what we’re going to do now.
Rather than ignoring your IT security measures, or relying on the belief the security is functional until a breach proves otherwise, consider an IT audit. This service serves to illuminate any potential weaknesses, and if you work with a Nxtbook Media IT Professional, will work through a variety of options for security fixes or maintenance. Get started on your IT security plan, and rest easier this season knowing your data is protected.
December 2nd, 2014 by Joy Beachy