The typical computer network usually has a closet full of skeletons. Now, there could be more than one closet in any organization, but here I speak of the IT closet, and its name is convenience. It is filled with seemingly harmless security compromises designed to make work more enjoyable, and in the short term, more productive. Filling this closet usually occurs slowly over time, not overnight, and the effects can have serious consequences.
Two of the most common issues are both simple and understandable: passwords that aren’t as complex as they should be or that never expire and granting levels of access well above what is necessary for someone to perform their job. Often the latter comes in the form of an administrative level login or administrative rights to a workstation or server that aren’t necessary. Frequently, these compromises are made to sate the desires of an executive who wants to feel unrestrained — a common occurrence. They are done with the hopes that removing hurdles will increase productivity and/or efficiency. But at what cost?
The main point is you need to be candid with yourself about the compromises your organization is making in the name of convenience. The first step is recognizing that you’re making them. Then you must then acknowledge these decisions could be jeopardizing your company’s security. This awareness allows you to take inventory and then remediate your issues.
Such an inventory should cover internal security practices, policies and procedures for external systems your organization relies on, training policies for staff, and configuration standards and auditing practices. This is not a comprehensive list, but it’s a great place to start.
If you’re having trouble getting started, contact us to discuss how we can help you identify the skeletons and then begin removing them for effective change. Working together, we can create a game plan to get your compromised IT closet cleaned out — and keep it that way.
So, what’s in your closet?