Security patches, Antivirus, Firewall, VPN . . .
All nice feel-good terms, right – but do they matter?
OK, yes, they matter.
You know what really matters though?
Your relationship with your IT staff. Your involvement with your IT staff. Your knowledge about what your IT staff does all day.
THAT’S what matters.
The biggest mistake you can make in IT is not being involved.
Where is your data located and how is it backed up? Seriously, how many backups do you have, where are they stored, and when’s the last time YOU tested a backup? Have YOU pseudo-deleted an important file and asked IT to restore it as a test?
How about disaster recovery? Exactly how long will it take you to recover from total disaster (let’s say your building burns to the ground)? How long until your business can be 100% operational in another location? Have you tested the strategy? You, personally – have you seen the strategy tested?
What about those pesky patches and updates? When’s the last time you’ve viewed a report showing you exactly which PCs are up-to-date and which aren’t? What percentage of your devices are 100% up-to-date with the latest Mac or Windows updates?
Is your firewall 3 years old? Do you know that firmware updates (i.e. software updates that fix security holes) are released often for those devices? How many firmware versions behind is your firewall at this very moment?
Ransomware? Ah yes. Are you aware that your server can be configured to be highly resistant to ransomware? What specific steps has IT taken to prevent ransomware from destroying your data? (Hint: If the answer is “well, we stay up-to-date with antivirus software”, they’re not doing their job.)
What were the results of your last penetration test (you have run a pen test, right?)? Did you resolve any security holes that were discovered?
You see where I’m going.
Don’t hang your head in shame – you’re not alone. I have no hard statistics to back up my claim, but I’d bet that 95% of the people reading this never verify the integrity of their IT systems, yet those systems are the heart and blood of their organizations.
OK, I’ll shut the sarcasm machine down now. : )
Being involved in IT is not as difficult as you’d think. You need IT folks to do the “work” and maintain your IT investment – and no one expects you to know how to update the firmware on a firewall.
However, it’s not asking too much to ask that you review some proof that it was updated – or that your backup systems work – or that your servers can survive a ransomware attack.
Trust, but verify, right, Ronald?