IT Maintenance & Monitoring
IT Maintenance & Monitoring is a critical ingredient in protecting your business from the ever-growing threat of cyber attacks. Organised cyber crime groups and individuals are targeting small & medium businesses with far more energy than ever before. The need for SMBs to pay attention to this threat and take the required actions has never been greater.
Too often we hear of the crippling effect a cyber-attack has on a business and the total cost of the interruption it causes. There’s a common belief among small and medium businesses that it won’t happen to them, but the last few years have proved time and time again that this is the largest sector affected.
- You aren’t too small for it to happen to you.
- You do have something valuable and worth stealing (your data).
- And you don’t have ‘nothing to lose’.
The trend towards targeting SMBs has been acknowledged by the Australian Government, which introduced legislation known as the Notifiable Data Breach Scheme. It requires businesses with a turnover of $3 million or more to notify the commissioner and those affected where personally identifiable data has been breached.
Just implementing Anti-Virus or ‘Having a backup’ isn’t sufficient. That’s like locking your car door at night and thinking no one can steal it. The approach to data protection and security needs to be layered, but also importantly cost-efficient.
We have published our recommended On-premise & Cloud Hosted Infrastructure basics which you can view by clicking on the links. But a key element in both is the ongoing Maintenance & Monitoring of your IT environment to protect your business data and that of others you may keep.
Weekly Backup Checks
Backup solutions aren’t set and forget. The truth is that they often partially fail or stop working, for many reasons. Without monitoring, there is an incredibly high chance that you will end up being one of those businesses that ‘thought they had a backup’, only to find it stopped two weeks ago and you are now facing data loss.
Whether your data is stored On-Premise or in SharePoint Online, backing up your data is a critical step that is often not understood correctly.
How backups are monitored and maintained is important. We recommend that a Backup Status Check be performed three times a week. This can often pick up issues with the backup. Our standard backup service for both online and local backup includes three checks a week by an engineer to review the status of the backups.
On its own, this is not a definitive check on whether backups can be restored, so we also recommend a monthly restore check.
Monthly Backup Restores
We recommend the following checks are done monthly:
- Backup Restore Checks – It’s not backups that count, it’s restores. Testing that backups can restore is a key step in data protection. Taking a test file or set of files and restoring them once a month firms up the completeness of the backup procedures, whether restoring from your server or SharePoint.
- User Account Maintenance – Old user accounts are quite often the point of entry for cybercriminals. A check that only active user accounts are present and that no abnormal accounts exist should be conducted monthly.
- Office 365 Maintenance – Microsoft provides each of its business users an Office 365 security score. Apart from having various security features implemented, the following should be completed on a monthly basis:
  - Two Factor Authentication Check
    A check for any accounts not using two-factor authentication should be done monthly.
  - Reviewing Office 365 Risk Sign-Ins
    With Office 365, sign-in locations are tracked and can be reviewed to show suspect accounts. If an account has signed in from a suspect overseas location, it may be that one of your accounts has been compromised. It’s worth checking if there has been any travel to the reported locations, otherwise the account should be suspended immediately.
  - Regularly review mailbox access by non-owners
    This is a check to see whether staff’s mailboxes have been accessed by anyone other than themselves. If an account has been compromised, often it will be used to gain access to other staff’s email addresses.
  - Regular Checks of Client Forwarding Rules
    Often viruses will insert forwarding rules into staff’s mailboxes without the knowledge of the staff member. Checking that there are no suspicious forwarding rules is a great way to detect and prevent emails from being automatically forwarded to unwanted individuals.
- Patch Management
Security vulnerabilities in operating systems, web browsers and other common applications, as well as in other software & devices, are resolved by applying software patches. Patches should be scheduled and applied frequently (monthly). While they can cause issues from time to time, the benefit outweighs the downside of any issues that may occur.
- Staff Education through Test Scenarios
Educating staff by sending small snippets of information on the latest cyber-attack techniques, and using test scenarios by sending them emails that look suspicious is a great way to educate staff and minimise risk. Results can be monitored and staff awareness fine-tuned.
On-Premise Server Checks
For clients running On-Premise Server Environments, we also recommend the following:
- Maintenance – For Disk Space, Resource utilisation, and Server Event Log Errors.
- Unauthorised Login Attempts – Checking VPN & Server Logs for unauthorised login attempts is one way of identifying ‘bots’ that are attempting to brute force (automatically trying many password combinations) their way into your network. If you think this isn’t common, we see this occurring on client servers every week.
- Vulnerability & Security Scanning – It’s an essential part of staying a step ahead and protecting your organisation and the data of others that you may have on your IT infrastructure. We have outlined the key points here:
  - Internal Network Scans – These types of scans look inside your network for known security vulnerabilities in the software you are running (not just Microsoft Windows software), missing patches, malware & spyware, suspect web extensions, open ports and many more. It also encompasses scanning of your data for items that pose a security risk like credit card numbers, tax file numbers or other personally identifiable data that should be secured. Scans can also cover files related to adult content, salary information, corporate IP, unsavoury browser history and saved browser passwords, as well as specific keyword searches that can be defined.
  - External Vulnerability Scans – These are scans done against your router and on to any devices that the router has allowed access to. It highlights potential ways that your network can be breached by common cyber-attacks and can test accessing devices using known default usernames and passwords from other sources.
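The unauthorised login attempt check above can be run over an export of server logon events. The following is an added example, not part of the original page: it assumes a CSV export of Windows Security events (4625 for a failed logon, 4624 for a successful one) with the column names shown, and the sample rows are constructed using documentation IP ranges.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; the column layout of the export is an assumption.
SAMPLE = """TimeCreated,EventID,TargetUserName,IpAddress
2024-03-04T02:10:01,4625,administrator,203.0.113.50
2024-03-04T02:10:03,4625,admin,203.0.113.50
2024-03-04T02:10:05,4625,reception,203.0.113.50
2024-03-04T02:10:08,4625,accounts,203.0.113.50
2024-03-04T02:10:11,4625,scanner,203.0.113.50
2024-03-04T02:10:15,4624,scanner,203.0.113.50
2024-03-04T08:55:12,4625,jsmith,198.51.100.7
2024-03-04T08:55:40,4624,jsmith,198.51.100.7
"""

def find_bruteforce(csv_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with at least `threshold` failed logons inside one window."""
    failed, ok = defaultdict(list), defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        event = (datetime.fromisoformat(row["TimeCreated"]), row["TargetUserName"])
        if row["EventID"] == "4625":
            failed[row["IpAddress"]].append(event)
        elif row["EventID"] == "4624":
            ok[row["IpAddress"]].append(event)
    findings = []
    for ip, events in failed.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                first_failure = events[start][0]
                findings.append({
                    "ip": ip,
                    "failures": len(events),
                    "usernames": sorted({user for _, user in events}),
                    # A success from the same source after the burst needs urgent review
                    "success_after": sorted({user for t, user in ok.get(ip, [])
                                             if t >= first_failure}),
                })
                break
    return findings

if __name__ == "__main__":
    for finding in find_bruteforce(SAMPLE):
        print(finding)
```

A single mistyped password followed by a success, like the `jsmith` rows, stays below the threshold and is not flagged.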