Three security warning signs
Let’s face it: you’re not a security expert, and that is what your IT team is supposed to be for. How do you know whether they actually are? Security is the big trend in IT right now, which is good because the industry has an incredibly poor record, but also bad because the same IT teams that got breached yesterday are rebranding as security experts today. The more mature an IT team’s operations look, the harder it can be for you to tell, but there are a few telltale signs that an IT team has no credibility when it comes to security:
Your IT team all uses the same admin login. Good administrator security means protecting each admin account with multifactor authentication (MFA) and being able to audit, and if necessary lock out, individuals. A shared account usually means MFA is being bypassed (either turned off, or with the credential and MFA secret stored in a central location everyone can reach), and it also means there is no way to tell who performed a given action. The common excuse is that separate admin accounts take more effort, but per-person accounts are a cornerstone of good security and are standard in every organization with mature processes. There may be occasional reasons a single shared admin account exists (an emergency "break-glass" account kept sealed away and used only when normal logins fail), but if you see your IT team always logging in with the same account, sit down immediately and discuss why.
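You can check this yourself rather than take the team's word for it. The script below is an added example, not code from the original post: it reads a simple authentication log export and flags any account used from several different workstations within a short window, which is the fingerprint of a shared login (one person rarely logs in from three machines in an hour). The "timestamp account source" log format, the one-hour window and the three-source threshold are assumptions, and the sample lines are constructed.

```python
"""Spot a shared admin login from authentication logs.

Added example, not code from the original post. The log format below
(timestamp, account, source address) and the thresholds are assumptions;
adapt the parser to whatever your SIEM or domain controller exports.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one generic "admin" account used from three
# workstations within minutes, versus named per-person admin accounts.
SAMPLE_LOG = """\
2024-03-04T08:01:10 admin 10.0.1.15
2024-03-04T08:03:42 admin 10.0.1.22
2024-03-04T08:05:07 admin 10.0.1.31
2024-03-04T08:06:55 admin 10.0.1.15
2024-03-04T09:15:00 jsmith-adm 10.0.1.15
2024-03-04T10:20:00 jsmith-adm 10.0.1.15
2024-03-04T10:22:00 kchen-adm 10.0.1.22
"""


def parse_log(text):
    """Parse 'ISO-timestamp account source' lines into (datetime, account, source)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, source = line.split()
        events.append((datetime.fromisoformat(ts), account, source))
    return events


def find_shared_accounts(events, window=timedelta(hours=1), min_sources=3):
    """Return {account: set_of_sources} for every account seen from at
    least min_sources distinct sources inside any window-long span.

    One person does not normally log in from three machines in an hour;
    a shared credential does. Tune window/min_sources to your environment.
    """
    by_account = defaultdict(list)
    for ts, account, source in sorted(events):
        by_account[account].append((ts, source))

    flagged = {}
    for account, rows in by_account.items():
        # Slide a window forward from each logon and count distinct sources.
        for i, (start, _) in enumerate(rows):
            sources = {src for ts, src in rows[i:] if ts - start <= window}
            if len(sources) >= min_sources:
                flagged[account] = sources
                break
    return flagged


if __name__ == "__main__":
    for account, sources in find_shared_accounts(parse_log(SAMPLE_LOG)).items():
        print(f"{account}: used from {len(sources)} sources -> {sorted(sources)}")
```

Run it against a real export and the generic account will stand out against the named ones. If an account trips this check, the follow-up question for the team is who was at each of those workstations, which a shared login cannot answer.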
Your firewall is Swiss cheese. Ports are how computers and servers talk to each other, and a firewall’s job is to allow only the traffic you intend through only the ports you intend. Dangerous ports are left open to the internet all the time, and exposed services are among the leading causes of breaches. These openings may be set up through ignorance, or justified poorly (“it is just briefly for testing!”) and then forgotten. It is the equivalent of putting a ton of security on the front door while the side entrance does not even have a deadbolt.
There is a neat free tool here: https://hidemy.name/en/port-scanner/. Click “insert my IP address”, then run a scan. Note that an online scanner tests the public address you are browsing from, so run it from the office network (or enter the public IP of each of your servers), and only scan addresses you own. It is typical to find some ports open, but many IT departments are leaving highly dangerous ports such as 139 & 445 (Windows file shares) or 3389 (Remote Desktop) open directly to the internet, making your servers a gold mine for hackers.
A great example of why these ports are such a huge deal can be found here. One of the biggest datacenter companies in the world was breached because they left multiple
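As an added example (not code from the original post), the script below sorts an external scan result into ports that must be closed, ports that are normally public on purpose, and ports to confirm with the team. The port-to-risk tables are this example's assumptions (a conservative starting point, not a complete list), the scan result is constructed, and the included TCP connect check is meant only for addresses you own or are authorised to test.

```python
"""Rate the result of an external port scan, plus a minimal TCP connect
check for your own public IP.

Added example, not code from the original post. The port-to-risk tables
are this example's assumptions (a conservative starting point, not a
complete list), and the scan result below is constructed.
"""
import socket

# Services that should essentially never be reachable from the internet.
HIGH_RISK_PORTS = {
    21: "FTP (cleartext logins)",
    23: "Telnet (cleartext logins)",
    135: "MS-RPC",
    139: "NetBIOS session (Windows file shares)",
    445: "SMB (Windows file shares)",
    1433: "Microsoft SQL Server",
    3306: "MySQL",
    3389: "Remote Desktop (RDP)",
    5900: "VNC",
}

# Services that are often public on purpose; still confirm each is intended.
EXPECTED_PUBLIC_PORTS = {25: "SMTP", 80: "HTTP", 443: "HTTPS"}

# Constructed scan result for a hypothetical office public IP.
CONSTRUCTED_SCAN = [22, 80, 443, 445, 3389, 8443]


def classify_open_ports(open_ports):
    """Sort open ports into high_risk / expected / review buckets."""
    report = {"high_risk": {}, "expected": {}, "review": []}
    for port in sorted(set(open_ports)):
        if port in HIGH_RISK_PORTS:
            report["high_risk"][port] = HIGH_RISK_PORTS[port]
        elif port in EXPECTED_PUBLIC_PORTS:
            report["expected"][port] = EXPECTED_PUBLIC_PORTS[port]
        else:
            report["review"].append(port)
    return report


def tcp_connect_scan(host, ports, timeout=1.0):
    """Return the ports on host that accept a TCP connection.

    Only point this at addresses you own or are authorised to test. A
    connect scan is noisy and will show up in the target's firewall logs.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


if __name__ == "__main__":
    # Replace CONSTRUCTED_SCAN with tcp_connect_scan("<your public IP>",
    # sorted(HIGH_RISK_PORTS)) to check a real address you are responsible for.
    report = classify_open_ports(CONSTRUCTED_SCAN)
    for port, service in report["high_risk"].items():
        print(f"CLOSE NOW: {port}/tcp {service} is reachable from the internet")
    for port, service in report["expected"].items():
        print(f"expected:  {port}/tcp {service}")
    for port in report["review"]:
        print(f"review:    {port}/tcp - confirm this is intentional")
```

Anything in the high-risk bucket should be closed at the firewall or moved behind a VPN the same day; the review bucket (SSH on 22 or an alternate HTTPS port, in the constructed result) is where you ask the team to justify each entry in writing.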
No regular reviews of security policies, active user accounts, or risk. Everyone is so focused on the latest AI-powered service or revolutionary new something that they ignore the fundamentals. One example: breaches frequently come in through third-party vendors, and many networks we audit have vendor admin accounts still active for contracts that ended months ago. At least quarterly, you should audit every active account (employees, vendors and service accounts alike) and disable any that are no longer needed. Reducing your attack surface (the various ways you can be attacked) is one of the most effective ways to reduce your risk.
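The quarterly review itself is simple to script once you have an export of the directory. The following is an added example, not code from the original post: it reads a small CSV export of accounts and lists every enabled account that has been dormant for more than 90 days or whose description marks it as a third party, so someone has to either confirm it is still needed or disable it. The column layout, the 90-day threshold and the vendor keywords are assumptions, and the rows are constructed.

```python
"""Quarterly active-account review from a directory export.

Added example, not code from the original post. The CSV layout (name,
enabled, last_logon, description), the 90-day dormancy threshold and the
vendor keywords are assumptions; the rows are constructed. Most
directories (Active Directory, Entra ID, Google Workspace) can export
equivalent fields.
"""
import csv
import io
from datetime import date

# Date the review is being run (constructed).
REVIEW_DATE = date(2024, 3, 4)

# Constructed export: a vendor whose contract has ended, a dormant
# service account, an active employee and an already-disabled leaver.
SAMPLE_EXPORT = """\
name,enabled,last_logon,description
acme-vendor,True,2023-09-12,ACME support vendor - contract ended 2023-10-31
svc-backup,True,2022-01-05,Legacy backup service account
jsmith,True,2024-03-01,Finance
kchen,False,2023-02-14,Former employee
"""


def parse_export(text):
    """Turn the CSV export into dicts with typed fields."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "name": r["name"],
            "enabled": r["enabled"].strip().lower() == "true",
            "last_logon": date.fromisoformat(r["last_logon"]),
            "description": r["description"],
        })
    return rows


def review_accounts(rows, today, stale_days=90,
                    vendor_markers=("vendor", "contractor", "consultant")):
    """Return [(account, [reasons])] for enabled accounts that need a decision.

    Two triggers: no logon for more than stale_days, or a description that
    marks the account as belonging to a third party. Either one means
    someone must confirm the account is still required or disable it.
    """
    findings = []
    for r in rows:
        if not r["enabled"]:
            continue  # already disabled; nothing left to shut down
        reasons = []
        idle = (today - r["last_logon"]).days
        if idle > stale_days:
            reasons.append(f"no logon in {idle} days")
        if any(m in r["description"].lower() for m in vendor_markers):
            reasons.append("third-party account; confirm the contract is still active")
        if reasons:
            findings.append((r["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in review_accounts(parse_export(SAMPLE_EXPORT), REVIEW_DATE):
        print(f"{name}: " + "; ".join(reasons))
```

Keep the output of each quarter's run with the decision taken for every flagged account; that record is what an auditor (or your insurer) will ask for, and it also shows whether the same stale accounts keep reappearing.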
The Wall Street Journal recently interviewed us about how the IT consulting industry can keep itself secure given its generally poor track record. Now is your chance to go straight to the experts: give us a call and let’s discuss shoring up your security today.