As Sun Tzu put it, every war is won before it is ever fought.
Good IT network security policies don’t always allow you to see disasters, intrusions, and major failings coming over the horizon, but they do keep you confident that the castle will still be standing when it’s all over.
With that in mind, here are some recent and time-tested tips to keep your IT network ready for disasters, emergencies and other problems – whether they come from nature, or today’s quickly-changing IT and workplace landscapes.
DROP YOUR ASSUMPTIONS TO FIGHT ADVANCED PERSISTENT THREATS (APTs)
Roger Grimes has nearly a decade of experience helping large firms fight off APTs – and lately, he’s been working around the clock. “The question isn’t whether you’ve been compromised by an APT, but whether you’ve noticed it,” Grimes recently wrote in Network World.
Grimes’ most persistent lesson from his war stories: never assume. One example: after holding a meeting to reboot and slim down the number of domain administrators for an enterprise IT network, Grimes’ team received two domain administration requests – but the request form had yet to be sent out. The only copy was on a laptop on an air-gapped network. So how did… wait a minute…
“We figured out that the APT, led by insiders, had infiltrated all the conference rooms using the (networked) data display projectors and executive videoconference systems. They were watching and digesting all our supposedly secret meetings. Their only mistake was in not understanding that the form didn’t really exist yet and was not due to be sent out for months. Thank goodness for language barriers.”
USE PODCASTS TO KEEP UP WITH NEW THREATS
You think you have time in your week to read up on the latest IT network news, vulnerabilities, fixes, and practices, but then your week actually happens, and it’s Friday already and people are rushing out the door, so you end up leaving and hoping nothing happens while you’re out of town that weekend.
One of the least annoying intrusions of work into personal time is a good podcast. You can listen while you wash dishes, commute to or from work, or walk the dog, all while getting your “reading” done.
ITworld has a good round-up of 15 security podcasts. They date to 2010, but many are still going strong. Browse the iTunes podcast directory or your favorite app’s podcast store to see what else is new and fun in your field.
USE THE CLOUD TO PREPARE FOR DISASTERS (TECH AND NATURAL ALIKE)
The cloud is many things, and not perfect for every need of every firm. But there is one thing you can say about cloud-based backup and disaster recovery plans: if your building is flooded, or on fire, or in a mudslide, your cloud backups are not.
Cloud-based disaster recovery is picking up steam, so much so that more than 50 percent of Tier-2 firms are backing up daily and 79 percent want to upgrade their recovery capacity, according to a recent Microsoft survey. Of course, Microsoft is a cloud provider, so they have some skin in the game. But also consider what happens if your physical building is at risk: could you call a U-Haul and start again next week?
GET EMPLOYEES TO RESPECT THE WORK
Employees don’t know that IT network security is part of their job, but they should. Everybody who has access to customer data, secure data, and crucial system functions should be lightly tested. There should be a policy they can read and summarize. And you should show them how they’re helping. After all, they’re the foundation of your business success.