Working in IT is a tough gig. We are responsible for ensuring all systems are go, while continuing to advance technology and keep the bad guys from getting into our network and causing havoc. A breach is one of those things that we normally worry about but until it happens to you, its just this abstract worry. Something that we know would suck but will probably never happen.
The recent news that the breach at Maersk totaled 45,000, 4,000 servers and up to 300 million dollars is sobering. Sure, you could just say “well you should have patched your systems!” and that is a reasonable conclusion, but at the same time anyone who works in IT must have some empathy for the folks at Maersk. IT is hard. IT is complex. IT is stressful. They have learned from the ultimate lesson that all of us fear (and should fear) every day. Let us learn from their mistakes.
Chances are, you know of a vulnerable practice being done in your environment right now. Don’t wait any longer to fix it. Do it now. Don’t look back and think “sh*t I knew I should have taken care of X”. It is not worth the procrastination.
The bottom line is that regardless of the size of your organization, you need to do these things at minimum:
- Patch frequently (OS, software,firmware)
- Don’t give local admin access to end users
- Ensure Anti-Virus software is installed and definitions are up-to-date
- Don’t run unsupported operating systems
- Use firewalls
- Change passwords regularly
- Educate end users (arguably most important)
If you can do these things you are probably more secure than most.