6 Signs You Need to Re-evaluate Your IT Security Strategy

Updated: May 05, 2009

We all know that the Internet is a dangerous place to do business. And we all know the basic drill for protecting our irreplaceable business assets: anti-virus software, anti-spyware, security devices, firewalls, the latest Microsoft security upgrades and so forth.

Precautions such as these fall under the umbrella of defensive tactics, securing your network behind a protective wall of hardware and software. Yet small armies of hackers spend all day, every day, looking for ways to break into your network, so it's no surprise when we read about systems being compromised. For instance, an employee's kid might use her dad's work laptop to download the latest Kanye West hit — and catch Conficker with it.

Maintaining a secure network requires more than the right hardware and software. It calls for an effective, flexible security strategy. If any of the following high-risk scenarios are familiar in your business, have a serious conversation with your IT security team. And do it first thing tomorrow morning, if not sooner.

1. You have the latest firewall. Your anti-virus software updates every 10 minutes. You're totally safe, right? Wrong! Depending on any particular security device or software suite, no matter how capable, can be a huge mistake. Firewalls can be bypassed by a hacker with the right hardware and zero-hour code, and clever worms can disable AV updates. You must think strategically, which means talking to your IT security team.

2. You changed your system passwords six months ago. You keep a list of them in your desk drawer. And to make them easy to remember, you use simple variations of names of family pets, kids and cars. Look out! You have set yourself up for a bad wake-up call. There's a well-established science of password-cracking, and hackers are experts at deploying it against you. You must follow best practices when it comes to passwords: anything short of passwords at least six characters long, changed every 90 days, is unacceptable.

3. You haven't had a company-wide meeting on the subject of social engineering techniques in months. Or ever. Remember the 2004 tsunami in Indonesia? Remember the 2008 earthquake in China? Remember all those emails you got the next day including links to exciting photos of those disasters? Maybe you were smart enough not to click on them (thereby downloading some horrible worm), but are you confident that every one of your employees was equally paranoid?

4. Your IT security team has been too busy to store data backups securely off-site — and too distracted to test those backups by performing regular restores. Malicious software attacks derange or corrupt business-critical databases every day. And there is no worse feeling in the world (trust us on this) than turning to your backup only to discover that it's damaged. You are doing full, daily backups, right?

5. Laptops that travel outside your place of business are not fully encrypted. You wouldn't believe how easy it is to crack simple password protection on a lost or stolen laptop. If your employees use their laptops to store private information (like customer credit card numbers), proprietary data or anything else you wouldn't want to see in tomorrow's newspaper, that information must be encrypted. Remember, under current laws and regulations, you may be legally responsible if confidential information is compromised due to your negligence.

6. You haven't had a serious conversation with your IT security team in months. Paying attention to security issues is the single most strategic move you can make in developing and maintaining an effective risk management plan. It's like keeping a watchful eye when you walk down a deserted city street. Security is a process, one that must be revisited repeatedly as new threats emerge. Every day.

This is just the beginning, a way to get you thinking about your IT security strategy in a new way. Are there another six danger-scenarios? Another 12? Only your security team knows for sure, so ask.
