Our managed services company stopped by to talk to us about their security services. Some were a duplication of services I already provide. Other things I’m embarrassed to say never occurred to me. (It was all pretty expensive. I can’t wait to see this quote. It should be worth a good laugh.) The meeting started me thinking about things I should be doing and things I could be doing.
Are there tasks you would do if you had extra time in your day? They don’t have to be security-related even though I’m suggesting things below.
Do you review logs checking for odd logins?
Do you check your backups every night or rely on emailed logs?
Do you review your firewall logs?
Do you run a cleaning job on printers each month?
Back when computers were huge and monitors were green & black there were tasks I had to complete every day – like changing a backup tape every day or checking my ridiculously small storage to make sure some user hadn’t depleted it all. Now each day is unique – something I love. Even when I plan my day, a help-desk call can turn things on a dime. But, a there simple preventative steps I should be taking but don’t because of time constraints?
A lot of these suggestions fall under the age old suggestion “Trust by
Verify.” Many of these tasks can be automated, but at some point in time
someone does need to make sure the lights are on and the machines are
all working properly. For example, my Canon printer at home will
automatically run a halftone cleaning operation whenever it has printed
sufficient volumes of halftone prints. I don’t have to do anything,
aside from occasionally going “Man, I haven’t gotten a halftone cleaning
print in a while maybe I should look and see if it needs to do one.”
Super easy for a single user printer managed by the person who uses it,
but at scale how on earth would you get your users to do something like
that?
Instead, it’s always useful to have some easy checks you can do with a
regular cadence (probably not daily, maybe fortnightly or monthly) to
check to make sure the robots are still minding the shop. Look at your
recent high-risk logins, verify your backups are working and restorable,
spot check server logs for unusual activity, review security policies to
make sure exceptions haven’t become the norm…
We should be focused on delivering business value, and part of that is
making sure the systems and tools we put in place for presumably
important reasons are still doing what they’re meant to be doing
correctly.