Businesses sometimes find it difficult to understand why they should invest in IT Maintenance & Monitoring. The most clear-cut reason in today’s world is Security & Data Protection.
Organised Cyber Crime groups and individuals are targeting small & medium businesses with far more energy than ever before. The need for SMBs to pay attention to this threat and take the required actions has never been greater.
The trend towards targeting SMBs has been acknowledged by the Australian Government, which introduced legislation known as the Notifiable Data Breach Scheme. It requires businesses with a turnover of $3 million or more to notify the commissioner and those affected where personally identifiable data has been breached and there is a likelihood of serious harm.
It’s as much about protecting other people’s information that you hold as it is about protecting your own. There’s a common belief among small and medium businesses that it won’t happen to them. Yet time and time again it’s being proven that it does.
- You aren’t too small for someone to worry about.
- You do have something worth stealing (your data).
- And you don’t have ‘nothing to lose’.
Just implementing Anti-Virus or ‘Having a backup’ isn’t sufficient. That’s like locking your car door at night and thinking no one can steal it. The approach to data protection and security needs to be layered.
We have published our recommended On-premise & Cloud Hosted Infrastructure basics which you can view by clicking on the links. But a key element is the ongoing Maintenance & Monitoring of your IT environment to protect your business data and that of others that you may keep.
Please read our recommended IT Monitoring and Maintenance steps that all SMB businesses should implement.
Weekly Monitoring and Maintenance
We recommend only one weekly Monitoring and Maintenance Check.
Backup systems aren’t set and forget. The truth is that they stop working all the time for many reasons. There is an incredibly high chance that without constant monitoring, you will end up being one of those businesses that ‘thought they had a backup’, only to find it stopped 2 weeks ago and that you are now facing data loss.
How backups are monitored and maintained is important. There is a difference between:
- Receiving an email that says a backup failed or succeeded – Often people don’t realise that they are no longer receiving emails about their backups once the backup stops working. The email is also often not entirely accurate: a backup has rarely totally failed or totally succeeded, and more detailed investigation is required. It’s an unreliable way to ensure your data is being backed up correctly.
- Having an engineer physically view the latest backup reporting at set intervals throughout the week – This is far superior; it ensures that results are interpreted as required and that the engineer can act when appropriate. Our standard backup service for both online and local backup includes 3 checks a week by an engineer to review the status of the backups.
- Restoring a test file or set of files from a backup set to prove that the files can be restored is an even better check. We recommend a monthly test restore of files, which is outlined in our Monthly Checks section.
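As an added illustration (not part of the original article and not any backup product's own tooling), the review an engineer performs can be sketched as follows. The job names, report fields and the 36-hour freshness limit are assumptions made up for the example. The point is that a job which has silently stopped reporting, or which reports "success" with failed files, is caught even though no failure email was ever sent.

```python
from datetime import datetime, timedelta

# Constructed sample of per-job backup reports (hypothetical fields, not a real product's format).
REPORTS = [
    {"job": "fileserver-local", "finished": "2024-05-13T01:40:00", "status": "success", "files_ok": 18250, "files_failed": 0},
    {"job": "fileserver-online", "finished": "2024-05-13T03:05:00", "status": "success", "files_ok": 18102, "files_failed": 148},
    {"job": "sql-nightly", "finished": "2024-04-29T00:30:00", "status": "success", "files_ok": 12, "files_failed": 0},
    {"job": "mail-archive", "finished": "2024-05-13T02:10:00", "status": "failed", "files_ok": 0, "files_failed": 0},
]
# Every job that is supposed to exist; "accounts-db" never reported at all.
EXPECTED_JOBS = ["fileserver-local", "fileserver-online", "sql-nightly", "mail-archive", "accounts-db"]

def review_backups(reports, expected_jobs, now, max_age=timedelta(hours=36)):
    """Return {job: verdict} for every expected job, judged on its newest report."""
    latest = {}
    for r in reports:
        finished = datetime.fromisoformat(r["finished"])
        if r["job"] not in latest or finished > latest[r["job"]][0]:
            latest[r["job"]] = (finished, r)
    verdicts = {}
    for job in expected_jobs:
        if job not in latest:
            verdicts[job] = "MISSING: no report at all"
            continue
        finished, r = latest[job]
        age = now - finished
        if age > max_age:
            # Silence is treated as a failure: the last report may say "success".
            verdicts[job] = f"STALE: last report {age.days} days ago"
        elif r["status"] != "success":
            verdicts[job] = "FAILED"
        elif r["files_failed"] > 0:
            verdicts[job] = f"PARTIAL: {r['files_failed']} files not backed up"
        else:
            verdicts[job] = "OK"
    return verdicts

if __name__ == "__main__":
    results = review_backups(REPORTS, EXPECTED_JOBS, datetime(2024, 5, 13, 9, 0))
    for job, verdict in results.items():
        print(f"{job:20} {verdict}")
```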
We recommend the following checks are done monthly:
- User Account Maintenance – Old user accounts are quite often the point of entry for cyber criminals. A check that only active user accounts are present and that no abnormal accounts exist should be conducted monthly.
- General server maintenance – Checking disk space, resource utilisation, and server event log errors.
- Patch Management – Security vulnerabilities in server & desktop operating systems, as well as in other software & devices, are resolved by applying software patches. This includes patches for common software like web browsers. Patches should be scheduled and applied frequently (monthly), and while they can cause issues, the benefit outweighs the downside of any issues that may occur from time to time.
- Unauthorised Login Attempts – Checking VPN & Server Logs for unauthorised login attempts is one way of identifying ‘bots’ that are attempting to brute force (automatically trying many password combinations) their way into your network. If you think this isn’t common, we see this occurring on client servers every week.
- Backup Restore Checks – Testing that backups can restore is a key step in data protection. Taking a test file or set of files and restoring them once a month generally isn’t a time-consuming process and firms up the completeness of the backup procedures.
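The unauthorised login check above can be illustrated with a short added example (not from the original article). The log format, field names and thresholds are assumptions, and the sample lines are constructed using documentation IP ranges; the regular expression would need adapting to your own VPN or server log export. It flags any source with a burst of failed logins and records whether that source later logged in successfully, which is the case that needs immediate attention.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a made-up format (hypothetical; adapt LINE to your own export).
SAMPLE_LOG = """\
2024-05-06T02:14:01 LOGIN_FAILED user=administrator src=203.0.113.45
2024-05-06T02:14:03 LOGIN_FAILED user=admin src=203.0.113.45
2024-05-06T02:14:06 LOGIN_FAILED user=reception src=203.0.113.45
2024-05-06T02:14:09 LOGIN_FAILED user=accounts src=203.0.113.45
2024-05-06T02:14:12 LOGIN_FAILED user=admin src=203.0.113.45
2024-05-06T02:14:15 LOGIN_FAILED user=reception src=203.0.113.45
2024-05-06T02:15:10 LOGIN_OK user=reception src=203.0.113.45
2024-05-06T08:59:50 LOGIN_FAILED user=jsmith src=198.51.100.7
2024-05-06T09:00:20 LOGIN_FAILED user=jsmith src=198.51.100.7
2024-05-06T09:00:40 LOGIN_OK user=jsmith src=198.51.100.7
"""
LINE = re.compile(r"^(\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) src=(\S+)$")

def find_brute_force(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {src: finding} for sources with >= threshold failures inside one window."""
    failures = defaultdict(list)   # src -> [(time, user)]
    successes = defaultdict(list)  # src -> [(time, user)]
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login events
        ts, outcome, user, src = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        (failures if outcome == "LOGIN_FAILED" else successes)[src].append((ts, user))
    findings = {}
    for src, events in failures.items():
        events.sort()
        # Sliding window: largest number of failures inside any window-long span.
        best, start = 0, 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            findings[src] = {
                "failures": best,
                "users": sorted({u for _, u in events}),
                "succeeded_after": any(t > events[0][0] for t, _ in successes[src]),
            }
    return findings

if __name__ == "__main__":
    print(find_brute_force(SAMPLE_LOG))
```

A mistyped password followed by a normal login (the second source in the sample) stays below the threshold and is not reported.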
Vulnerability & Security Scanning – It’s an essential part of staying a step ahead and protecting your organisation and the data of others that you may have on your IT infrastructure. We have outlined the key points here:
- Internal Network Scans – These types of scans look inside your network for known security vulnerabilities in the software you are running (not just Microsoft Windows software), missing patches, malware & spyware, suspect web extensions, open ports and many more. It also encompasses scanning of your data for items that pose a security risk like credit card numbers, tax file numbers or other personally identifiable data that should be secured. The scan also covers files related to adult content, salary information, corporate IP, unsavoury browser history and saved browser passwords, and specific keyword searches that can be defined.
- External Vulnerability Scans – These are scans done against your router and on to any devices that the router has allowed access to. It highlights potential ways that your network can be breached by common cyber-attacks and can test accessing devices using known default usernames and passwords from other sources.
- Staff Education through Test Scenarios – Educating staff by sending small snippets of information on the latest cyber-attack techniques, and using test scenarios in which they are sent emails that look suspicious, is a great way to educate staff and minimise risk. Results can be monitored and staff awareness fine-tuned.
Office 365 Monthly Maintenance Tasks
Did you know that Microsoft provides each of its business users with an Office 365 security score? The ability to maintain a high security ranking for your Office 365 account depends on a number of regular audits which Microsoft tracks. These include the following:
- Reviewing Office 365 Risk Sign-Ins – With Office 365, sign in locations are tracked and can be reviewed to show suspect accounts. If an account has signed in from a suspect overseas location, it may be that one of your accounts has been compromised. It’s worth checking if there has been any travel to the reported locations, otherwise the account should be suspended immediately.
- Regularly review mailbox access by non-owners – This is a check to see whether staff’s mailboxes have been accessed by anyone other than themselves. If an account has been compromised, often it will be used to gain access to other staff’s email addresses.
- Ensure no white lists are enabled for users – Where a staff member sets up a whitelist on a particular person’s email address, it means that they will receive an email from this person no matter what the contents of the email. Any email filtering options will be ignored and the email will be delivered. If that person’s email account becomes infected with a virus and sends out to all people in its address list, your staff member will also receive the email.
- Regular Checks of Client Forwarding Rules – Often viruses will insert forwarding rules into staff’s mailboxes without the knowledge of the staff member. Checking that there are no suspicious forwarding rules is a great way to detect and prevent emails being automatically forwarded to unwanted individuals.
If you would like to talk to us about implementing these IT Maintenance tasks into your service, please contact us to discuss.