Employees come and go on a regular basis. Summer interns turn over more frequently than full-time employees, and temporary employees are gone in a few weeks. Are you 100 percent certain that all former employees are disabled in Active Directory? Allow us to run an audit of authorized users versus your latest Human Resources list of current employees. You may be surprised at what we find.
Also, are there any computers still joined to your Active Directory Domain which are no longer actively being used? How about in a Bring Your Own Device scenario? Were any BYOD devices joined to the domain that the employee has since sold on eBay without telling you? If you can think of the scenario, it has probably happened. Let a full audit put your mind at ease.
The most important thing to understand about using cloud services is that you are still responsible for securing your servers. People often think that if they move their servers to the Cloud then someone else will manage them. While boutique, white-gloved, cloud providers do exist, most cloud providers only guarantee some level of uptime (i.e., a basic level of the facility not losing power) and protection against hackers getting in through their infrastructure. This means they protect against hackers hacking their backend systems and getting to your system through the hypervisor on which your virtual machine runs. If you are running any internet-facing service, you alone are responsible for making sure your operating system is up to date and that all ports are locked down and no known vulnerabilities exist. Allow us to do a Cloud Configuration Audit to help protect your online data.
Most cybersecurity professionals are aware of the CIS top 18 controls https://www.cisecurity.org/controls/cis-controls-list/ . The number one control on this industry standard list is to have a complete inventory of all devices on your network. Vulnerabilities could exist if an old device which is no longer patched is allowed to linger on the network. A more malicious scenario can also occur when rogue devices have been planted on your network. It could even be the case that a rogue wireless access point has been put on your corporate network, allowing files to be downloaded from the parking lot. This actually happens more often than you would think. https://www.juniper.net/documentation/en_US/junos-space-apps/network-director3.1/topics/concept/wireless-rogue-ap.html and https://it-explained.com/words/rogue-access-points-explained-explained . Engage us to perform a Network Architecture Audit to help identify and remove any unwanted devices on your network.
What devices do you allow on your network? Do you have a Bring Your Own Device (BYOD) policy? In today’s remote workforce environment, companies are faced with the issue of buying every employee a new laptop for home use or to allow employees to use their personal computers for work. If you have chosen the BYOD route, what have you done to ensure those devices feature all of the proper protections? By authorizing the use of personal devices to process company information, you assume liability for client data loss due to a lax cybersecurity posture. What size of a lawsuit would you have to lose in order for it to have been cheaper to buy everyone laptops for remote work? We can help you make the correct decision on remote device policies and to bring to light cyber vulnerabilities caused by having a myriad of unprotected devices accessing your network.