Last Updated on December 19, 2017
As 2017 draws to a close, you’re probably already planning for 2018. But don’t ring in the new year before you address these 7 critical IT security tasks that may have been neglected in the hectic day-to-day of the past twelve months.
1) Patch Your Software and Firmware
Even Saint Nick knows unpatched and out-of-date software and firmware on servers, endpoints and other devices is inviting hackers to your holiday party. If you’ve been putting off patches and updates, there’s no time like now to install them. You know you have to do it, and every day you delay just increases your security risk. Besides, if there are “issues” in your environment after the updates, you don’t want to be dealing with them in the new year.
2) Update Your Hardware and Software Inventories and Network Diagrams
As New Year’s Eve approaches, people like to reflect on the year gone by. Why not get some work done at the same time and reflect on your 2017 hardware and software purchases? Did you add all the new assets you acquired and scratch off all the ones you retired? You want these inventory lists up-to-date and accurate so you can detect unauthorized assets, which inherently increase security risk. Same goes for your network diagrams/charts.
3) Clean Up Your User List and Directory
Who left the company this year? Are they still hanging around on your user list? Time to whisk away their logins and profiles, and possibly delete or move some associated data.
While you’re at it, why not tune up the company directory? You might find some of auntie’s brandied fruitcake from last Thanksgiving in there—along with defunct user profiles that could be exploited by cyber thugs.
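One way to run this cleanup is to cross-check a directory export against the year's departure list. The script below is an added example, not part of the original post; the CSV column names, the 90-day staleness threshold and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data; column names are assumptions, not a real export format.
DIRECTORY_CSV = """username,enabled,last_logon
asmith,true,2017-12-15
bjones,true,2017-03-02
cdavis,false,2017-01-20
dlee,true,2017-08-30
svc_backup,true,
"""
DEPARTED_CSV = """username,departure_date
bjones,2017-03-10
cdavis,2017-01-31
"""

def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def audit_accounts(directory_rows, departed_rows, today, stale_days=90):
    """Return (departed_but_enabled, stale_enabled, never_logged_on) username lists."""
    departed = {r["username"].lower() for r in departed_rows}
    departed_enabled, stale, never = [], [], []
    for row in directory_rows:
        user = row["username"].lower()
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled; review separately for deletion or data moves
        if user in departed:
            departed_enabled.append(user)  # highest priority: leaver can still log in
            continue
        last = row["last_logon"].strip()
        if not last:
            never.append(user)  # enabled but never used, e.g. forgotten service account
        elif (today - datetime.strptime(last, "%Y-%m-%d").date()).days > stale_days:
            stale.append(user)
    return departed_enabled, stale, never

if __name__ == "__main__":
    gone, stale, never = audit_accounts(
        load(DIRECTORY_CSV), load(DEPARTED_CSV), today=date(2017, 12, 19))
    print("Departed but still enabled:", gone)
    print("Enabled, no logon in 90+ days:", stale)
    print("Enabled, never logged on:", never)
```
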
4) Change Those Passwords
Weak passwords are getting easier and easier for hackers to exploit, and basic best practices dictate that users should periodically change their passwords. The year-end is a “psychologically logical” time to mandate password changes. Don’t have a best-practice password policy in place? Make a New Year’s security resolution to implement one.
5) Test Your Backup Procedures
Backups are your organization’s lifeline in the event of a data breach, ransomware infestation, hardware failure or natural disaster. If you haven’t done so recently, now is a great time to confirm you can retrieve and restore backed-up data, and that your prior backups are viable. Don’t forget to check your SaaS application backups, too!
6) Review Security Policies and BC/DR Plans
Since your organization is dealing with sensitive data, hopefully, you have policies around things like email usage, web access, BYOD, remote office connectivity, encrypting data, etc. The purpose of these policies is to help employees make better choices and thus reduce security risks. Now is a great time to review and update your policies in line with business changes. You may also want to invest directly in your people by offering a security awareness training program.
Likewise, take time now to review and update your business continuity/disaster recovery plans to ensure they are up-to-date and address key security issues like backups and access to networks and data. If you haven’t done recovery planning yet, make it a priority for 2018.
7) Make a Security Resolution
If you could do one great thing for your IT security posture in 2018, what would it be? I invite you to identify one or a couple of key areas where you’d like to implement a tool or process you’re lacking (e.g., penetration testing)—and make it happen in the new year.
If you head into 2018 with these 7 tasks handled, you’ll feel more confident that you can succeed with new goals as you keep your sensitive data and systems secure.
To talk over your IT security plans for the coming year, contact Pivot Point Security.