If you think your organization is immune from cyber attack, you probably still believe the moon is made from cheese and Mars is full of little green men! The only organization that is immune from cyber attack is one that has no online presence and uses no computing device more sophisticated than a desktop calculator in its entire operation. However, immune and vulnerable are two entirely different things. You will be attacked. Someday, somehow, by someone, you will be the target of a cyber attack. But the effectiveness of that attack will be determined by your vulnerability level. Think of your body as an analogy. Every day, you are attacked by various germs and bacteria, each capable of inducing illness. When you are healthy and your natural defenses are active, those germs are neutralized and discarded without so much as a cough. But when your immune system is weakened, you are far more likely to succumb to illness.
How “healthy” is your Information Security? Here are several practices, all entirely too common in the marketplace, that make you more vulnerable to a cyber attack. Consider your corporate policy on these points and, if you have these weaknesses, start taking action to inoculate your organization against these risks.
Ask yourself, or even better ask your CIO – does your organization:
- Give IT System Administrators full Domain Administrator privilege, or access to the Domain Administrator accounts, without a specific need. This is a sure way to open the floodgates if an administrator’s individual user ID is compromised. Such high-privilege access should be restricted for use only as needed, and only for specific tasks, ideally managed under Change Control for audit and approval purposes.
- Force Administrator password changes every one or two months (30 to 60 days). While there may be debate over what number is the “best practice”, and various regulatory agencies may have different opinions, it is universally agreed that passwords need to be changed with regularity. The higher the authority level, the greater the risk, which should mean a shorter interval between changes.
- Deploy new workstations with cloned images, including the same cloned user ID and password for local Administrator and possibly other software products. If this is your practice, every new workstation is vulnerable until and unless the assigned user is savvy enough to change all the default passwords. (Hint: few users will even think about it, fewer will take any action!)
- Use a common Administrator password for all workstations. Even if you use an AD Group Policy to rotate the password frequently, if it is the same for every workstation, a single compromised computer becomes an open door to every system in the same group!
- Permit Domain Administrator privileges on accounts utilized by applications. If the application is breached, you would want to contain the problem to that application, not enable attackers to use it as a gateway to other systems and potentially gain direct access to the Operating System.
- Provide Local Administrator privileges for certain user groups such as remote staff or software developers. While this may ease support, it opens the door for deliberate, accidental or unauthorized installation of software, including malware.
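The items in this list are all things an organization can check for itself. The following is an added example, not part of the original post: a small Python audit that runs those checks against a constructed inventory. The data model (the `ACCOUNTS` and `WORKSTATIONS` structures, the `justification` field standing in for a Change Control record, and the opaque `local_admin_secret_id` that fingerprints each workstation's local Administrator credential) is an assumption; in practice the inventory would be exported from Active Directory and from an endpoint or LAPS-style local-account inventory.

```python
"""Policy checks for the weak practices listed above, run against a constructed
inventory. Added example: the data model is an assumption standing in for an
AD export plus an endpoint local-account inventory, not a real directory."""
from collections import defaultdict
from datetime import date

ADMIN_GROUP = "Domain Admins"
MAX_ADMIN_PASSWORD_AGE_DAYS = 60   # upper end of the 30-60 day window in the post
AS_OF = date(2024, 6, 1)           # constructed audit date

# Constructed sample accounts: names, dates and change ids are invented.
ACCOUNTS = [
    {"name": "jdoe",       "kind": "user",    "groups": {ADMIN_GROUP}, "justification": None,
     "password_last_set": date(2024, 1, 3)},
    {"name": "jdoe-da",    "kind": "user",    "groups": {ADMIN_GROUP}, "justification": "CHG-1042",
     "password_last_set": date(2024, 5, 20)},
    {"name": "svc_backup", "kind": "service", "groups": {ADMIN_GROUP}, "justification": "CHG-0871",
     "password_last_set": date(2022, 9, 1)},
    {"name": "svc_web",    "kind": "service", "groups": set(),         "justification": None,
     "password_last_set": date(2024, 5, 1)},
    {"name": "asmith",     "kind": "user",    "groups": set(),         "justification": None,
     "password_last_set": date(2023, 2, 14)},
]

# Constructed sample workstations. local_admin_secret_id is an opaque fingerprint of
# the local Administrator credential (equal ids mean the same password, as with a
# cloned image); local_admins lists accounts added to the local Administrators group.
WORKSTATIONS = [
    {"host": "WS-001", "local_admin_secret_id": "gold-image-2023", "local_admins": set()},
    {"host": "WS-002", "local_admin_secret_id": "gold-image-2023", "local_admins": {"asmith"}},
    {"host": "WS-003", "local_admin_secret_id": "gold-image-2023", "local_admins": set()},
    {"host": "WS-004", "local_admin_secret_id": "per-host-4",      "local_admins": set()},
]


def unjustified_domain_admins(accounts):
    """Domain Admins members with no recorded Change Control justification."""
    return sorted(a["name"] for a in accounts
                  if ADMIN_GROUP in a["groups"] and not a["justification"])


def service_accounts_with_domain_admin(accounts):
    """Application/service accounts that hold Domain Admins membership."""
    return sorted(a["name"] for a in accounts
                  if a["kind"] == "service" and ADMIN_GROUP in a["groups"])


def stale_admin_passwords(accounts, today, max_age_days=MAX_ADMIN_PASSWORD_AGE_DAYS):
    """Domain Admins members whose password is older than the rotation window."""
    return sorted(a["name"] for a in accounts
                  if ADMIN_GROUP in a["groups"]
                  and (today - a["password_last_set"]).days > max_age_days)


def shared_local_admin_passwords(workstations):
    """Groups of hosts whose local Administrator credential is identical."""
    by_secret = defaultdict(list)
    for ws in workstations:
        by_secret[ws["local_admin_secret_id"]].append(ws["host"])
    return {sid: sorted(hosts) for sid, hosts in by_secret.items() if len(hosts) > 1}


def users_with_local_admin(workstations):
    """(account, host) pairs where an ordinary account is a local administrator."""
    return sorted((acct, ws["host"]) for ws in workstations for acct in ws["local_admins"])


def audit(accounts, workstations, today):
    """Run every check; an empty result for a check means it passed."""
    return {
        "domain_admins_without_justification": unjustified_domain_admins(accounts),
        "service_accounts_in_domain_admins": service_accounts_with_domain_admin(accounts),
        f"admin_passwords_older_than_{MAX_ADMIN_PASSWORD_AGE_DAYS}_days":
            stale_admin_passwords(accounts, today),
        "hosts_sharing_local_admin_password": shared_local_admin_passwords(workstations),
        "users_with_local_admin_rights": users_with_local_admin(workstations),
    }


if __name__ == "__main__":
    for check, result in audit(ACCOUNTS, WORKSTATIONS, AS_OF).items():
        print(f"{'FAIL' if result else 'PASS'}  {check}: {result}")
```

Run as-is, the script reports the cloned-image workstations sharing one local Administrator password, the service account holding Domain Admins, the two admin passwords older than 60 days, the Domain Admins member with no change record, and the user who is a local administrator. Swapping the constructed lists for a real export turns it into a recurring check that feeds the Change Control and audit dialog the post recommends.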
Information Security is not easy and often takes some discipline from end users. That is just a byproduct of trying to complicate things for hackers. You will face cyber attacks, but you do not have to leave yourself vulnerable so that those attacks can succeed. Consider these topics as triggers for more dialog, which can spur actions to help keep your data and systems secure!