As a business owner, you’re probably asking yourself if your network is secure. Maybe you rely on your Managed Service Provider to not only handle network monitoring and security, but also to ensure that your data is safe. The problem is that Information Technology is a fast-paced, ever-changing landscape; and security can be a rapidly moving target. In this series, I will dive into some of the aspects of IT security from the manageable low-hanging fruit to some of the more complex policies and procedures.
Network Security and Patches
To start us off, let’s talk about one of the most basic tenants of IT security: updates and patch management. While it may seem like a no-brainer, we cannot stress enough how important it is to always keep your network’s devices as up to date as possible while still maintaining business continuity.
New security risks are always being uncovered. For the most part, the only way to stay secure is to do everything you can to ensure that these vulnerabilities are remediated as quickly as possible. These practices apply not only to your server operating systems but also to any host servers and network equipment.
Patch Management Best Practices
One of the most prevalent things we see when onboarding a new client is a complete breakdown of the “Patch Management Life Cycle.” With very few exceptions, when we perform the initial network audits for new clients, their existing networks fail in the security patch management category.
There can be several reasons for this. Maybe uptime is a huge concern, and the infrastructure is not designed for the high availability that it requires. Perhaps the client has only recently grown to a size where they are looking for IT professionals to manage their network security.
In rare circumstances, maybe their previous IT provider was not mature enough to have a proper patch management cycle in place. Whatever the cause, this is a significant breakdown in a company’s security posture.
Checking Your Systems and Networks
So how can you be certain that your systems are up to date, and what are a few questions that you should be asking your IT provider? For starters, assuming you have access to your servers, you can log in, open a command prompt, and run the following command: systeminfo|find “Time:” This will show you the date and time of the last system startup. If this is more than 40 days, you can be guaranteed that the latest Windows patches have not been applied.
Questions to ask Your IT Provider
Knowing the time and date of your last system start-up is helpful, but doesn’t tell you much about your, firewalls, host servers, and wireless access points. When it comes to these devices, it’s time to hold your IT provider accountable by asking some simple questions:
- What is your patch management process?
- How frequently are the server BIOS and firmware updated?
- What is the current patch level of ESXi? (If your business uses VMware)
Any reputable service provider should be happy to give you the assurances you need.
Remember: as a business owner your data belongs to you, and you should never hesitate to assure that it is shielded as well as it deserves to be. Contact ACCi to discuss your IT service needs!