IT Management Guide 101 | Lockdown


Lockdown



Desktops and workstations should be locked down and made as secure as possible. As discussed in the cyber security section, desktop and workstation anti-virus definition files should be kept current. These systems also need to be patched and kept up to date with security updates. In addition, clients, agents and 3rd party applications on desktops and workstations need to be updated to meet the software developer’s recommended version. I strongly suggest utilizing a centralized solution for managing workstation and desktop updates. This includes remote devices.



Security updates and patches should be scheduled. It’s best practice to utilize monitoring, logging and reporting tools to alert you and your team of threats and vulnerabilities.



If possible, the hard drives of your remote devices, workstations and desktops should be encrypted.



Accounts and Passwords



Administrative and privileged accounts should be managed closely. Unauthorized software and applications have great difficulty installing themselves or being installed without admin access. Lock down workstations and desktops to avoid unauthorized installations.



Institute a strong password policy for your end user community. One topic of the cyber security class mentioned above should be educating end users about the importance of keeping passwords safe and secure.



USB Storage Devices



Unauthorized USB storage should not be allowed. USB drives are a quick and easy way for cyber attackers to enter and infiltrate your organization’s network. I strongly suggest utilizing encrypted USB storage devices.



If possible, issue USB storage devices. If the IT department doesn’t supply these devices, your end users will supply their own. If the workstations and desktops are not locked down, this could present an issue. Lock them down.



Internet Traffic



Internet traffic should be filtered and logged. A centralized solution for Internet filtering, logging and reporting is suggested.



Workstation Refresh



A workstation refresh cycle should be established. If your inventory has been completed, you have a good and accurate count of workstations that have been deployed as well as those that are deployable. You should also have a good idea of aged or possibly outdated machines in your environment.



Your refresh cycle can be established in waves, i.e. by departments, groups or staff members. Some IT teams are resourced to perform several workstation refreshes a year. Many organizations stage their workstation refresh cycles over the course of years. However you decide to perform your workstation refresh cycles, it’s a good idea to have a refresh plan.



After a workstation reaches the end of its cycle, however that cycle is defined, that machine can possibly be repurposed or wiped and discarded.



Imaging  



If you have workstation images stored, those images should be updated to help conserve resources during deployment. If you do not have an imaging plan or solution, create one ASAP.



Some IT professionals create a golden image and then perform updates and software installations after the image has been applied to a workstation. Another option is to create several images to coincide with various workstation configurations in your environment.



Windows Deployment Services is a good option for creating and deploying workstation images. Imaging is also an excellent tool for cloning workstations.



Servers and Storage



After completing your inventory, you now have a record of all your organization’s servers and storage devices. Right?



This is a good time to categorize these devices as application, file, print, web, mail, etc. Categorizing these devices becomes more important as we discuss patching and updating your systems.



If your organization is utilizing NAS devices or a SAN, keep these devices updated and patched according to the manufacturer’s recommendations.



Backup



Backups are probably in the top three of critical services for many IT professionals. A good backup can save the day, literally.



As I mentioned in the cyber security section, companies such as Under Armour and Adidas were hit by cyber attacks just in 2018. Also consider that government agencies in New Hampshire, Colorado and Atlanta were attacked by ransomware. Government agencies in Atlanta actually had to switch back to paper temporarily due to this type of attack.



For those of us reading this guide who may not be aware, ransomware is a particular type of attack that will lock your files. The attacker will demand payment in Bitcoin before unlocking your stuff.



The city of Atlanta spent more than 2 million dollars recovering. However, the important point is that the city was able to recover using their backup media. If the city didn’t have a reliable backup system in place, they would have had little choice other than paying the ransom.



If your organization is still using tape backups, I understand. Perhaps if you need to perform a data recovery, you can contact a caveman for assistance. I’m joking, of course; however, I strongly suggest moving to a cloud-based backup solution.



More seriously, keep your tapes ordered and neatly labeled. A good retention policy is ideal. Also consider arranging offsite storage of your backup tapes.



It is strongly suggested to implement data snapshots whenever possible. Snapshots can be your first go-to for easy data recovery. If your network is utilizing virtualization, snapshots can be configured in Hyper-V and VMware.



Disaster Recovery



So, cutting to the chase, you need to develop a disaster recovery plan. The idea of disaster recovery is creating the ability to recover from catastrophe.



Catastrophes can be described as infrastructure being destroyed. This can be the result of natural disasters such as hurricanes and earthquakes or unnatural happenings such as arson.



While local backups can save you from attacks such as ransomware, disaster recovery plans are created in the event backups are destroyed.



Offsite backups can be considered your first step in disaster recovery planning. If you’re backing up snapshots of your servers, storing or replicating your backups at an offsite location may allow you to spin up replicas of destroyed servers.



Also, consider infrastructure as a service. With your data and infrastructure positioned in the cloud, you can breathe a bit easier. If you’re interested in cloud services or offsite backup, contact www.Danntech.net.



 



 

