New Year lull makes time for security house-keeping
Stuart Hodkinson outlines some security tasks more easily done over the holidays
Hodkinson: A quiet time is a good chance to overhaul security and authentication for your customers
Many companies shut down or drastically reduce activity over the Christmas-New Year holidays. This quiet period is a good chance to catch up on non-critical jobs that have been delayed. Some may also use the time to get ahead for the first quarter.
The lull also provides a perfect opportunity for criminals to target known vulnerabilities and lapses in end-user security and authentication management. Malware activity often peaks in December.
Due to the recession, many companies have a backlog of fully functional network access credentials from former employees waiting to be deactivated. While active, they can be exploited.
Large companies where lay-offs may have been more widely publicised are at particular risk of being targeted during quiet holiday periods. They should make more effort to maintain security measures, regardless of reduced traffic.
The lull also is an ideal time for VARs to do some tidying and tightening, such as deep-cleaning of access privileges, redundant accounts, out-of-date security tools, or tuning firewalls and other perimeter defences at client sites.
Not only do you limit the disruption to your customer, but you make the provisioning and de-provisioning workload more manageable when full-time staff return from their holidays and seasonal casuals depart.
For most companies, Q1 is a key trading period. A new year refresh of desktops and servers may add to the IT workload.
The lull is also a good time to check out automated user provisioning. Tools that automate as much of the process as possible and clearly outline who should have access to what will help minimise future workloads and disruption.
Assess, add or remove user privileges as needed. Doing this while workload is down gives you the time to do it properly, and make adjustments as people filter back into the office for the New Year.
Update all antivirus definition files, particularly on mail servers and perimeter defences. If using an external mail filtering service, update keyword filters, white lists and black lists.
This is also a good time to check that data back-up processes are working properly. Test tapes for corrupted data, evaluate access to back-up data and check what is being backed up.
Does the customer plan an OS upgrade in the new year? If so, it is important to know what devices it has and who should have access to them.
Stuart Hodkinson is UK general manager at Courion