Is my network secure? As a business owner, this is a question you should always be asking yourself. You rely on your Managed Service Provider to not only keep your businesses’ network running at peak performance, but also to ensure that your data is safe. The problem is that Information Technology is a fast-paced, ever-changing landscape; and security can be a rapidly moving target. In this series of posts, I will dive into some of the aspects of IT security from the manageable low hanging fruit, to some of the more complex policies and procedures.
To start us off, let’s talk about one of the most basic tenants of IT security: updates and patch cycles. While it may seem like a no-brainer, I cannot stress enough how important it is to always keep your network’s devices as up to date as possible while still maintaining business continuity. New vulnerabilities are being continuously found, and for the most part, the only way to stay secure is to do everything you can to ensure that these vulnerabilities are remediated as quickly as possible. These practices apply not only to your server operating systems but also to any host servers and network equipment.
One of the most prevalent things I see when on-boarding a new client is a complete breakdown of the “Patch Management Life Cycle.” With very few exceptions, when we perform the initial network audits for new clients, their existing networks fail the security patch portion. There can be several reasons for this. Maybe uptime is a huge concern, and the infrastructure is not designed for the high availability that it genuinely needs. Perhaps the client has only recently grown to a size where they are looking for IT professionals to manage their systems. In rare circumstances, maybe their previous IT provider was not mature enough to have a proper patch management cycle in place. Whatever the cause, this is a significant breakdown in a company’s security posture.
So how can you be certain that your systems are up to date, and what are a few questions that you should be asking your IT provider? For starters, assuming you have access to your servers, you can log in, open a command prompt, and run the following command: systeminfo|find “Time:” This will show you the date and time of the last system startup. If this is more than 40 days, you can be guaranteed that the latest Windows patches have not been applied. That’s all fine and good, but what about your switches, firewalls, host servers, and wireless access points? When it comes to these devices, it’s time to hold your IT provider accountable. Ask them to provide you with information about the patch cycle that they exercise. Ask them how frequently the server BIOS and firmware are updated. If your business uses VMWare, ask for screenshots showing the current patch level of ESXi. Any reputable service provider should be happy to give you the assurances you need.
Remember that as a business owner your data belongs to you, and you should never hesitate to assure that it is shielded as well as it deserves to be. Contact Truewater to discuss your IT service needs!
By Joshua Lackey
Truewater Project Manager