
When the "Obvious" Slaps You in the Face!

.jpg)
It is like a horror movie we have all seen where for some strange reason they are dumb and they go to the basement or they check that closet. Or someone gets robbed at their home and the police are reviewing the crime scene and the homeowner had an alarm system and they never activated it because they say “I just thought it would never happen to me!” Or here is the classic, “you lock the front door and the back door is wide open and you wonder to yourself how could that happen?”
It is like that in companies and securing your environment. We overlook the obvious! Or we do the dumbest things in our quest to secure our companies valuable intellectual property. From my role as a CIO of a manufacturing company in Chicago and my 20+ years of experience in the IT field, I have seen it all and still nothing surprises me even to this day. I have to always stand back from the controlled chaos of every day work life and review the obvious and make sure I am not overlooking anything that can bite me later. It is not about spending the most money, it is about good old fashion review and double check your work. I call it looking for the “Free Stuff”
A little good old fashion hands on review never hurt anyone - Here are some basic items to review for that “obvious” “aha moment” or the “Free Stuff” that I feel if always reviewed is your first line of defense.
Check This Out: Manufacturing outlook
In post incident review, it is often discovered that critical systems were left unpatched either since installation or over an extended period of time.
• Are my servers/workstations patched for all critical patches?
In a conversation I had with “Special Agent Aaron Van Hoff” on system patching who works “cyber matters” in the FBI Chicago field office and has 12 years with the FBI on investigating incidents where a company or persons are compromised by a technology hack, with his permission and I quote:
“Keeping systems up-to-date with the latest patches and hotfixes is a baseline principle of IT security, but unfortunately at times, it is a glaring oversight that we see in some victim companies that have been hacked. In post incident review, it is often discovered that critical systems were left unpatched either since installation or over an extended period of time. With the window increasingly shrinking between when vulnerabilities are discovered and when malicious actors develop exploits for those known vulnerabilities, it is crucial for IT security professionals to work quickly within that window in order to safeguard their systems from known threats.”
“Although staying current with system patches and updates is only one of many facets to a healthy defense in-depth posture for system security, the practice of ‘set it and forget it’ is more than likely exposing your company or organization to risk that is unnecessary. An idea to keep in mind is that the longer you go without patching your systems, the more vulnerability you have on your networks. This is a needless risk that can be mitigated by a well planned and executed patch management process.”
• Is my anti-virus up to date and working? Have I reviewed the logs? Am I getting any automated emails that most vendors give for free? Take advantage of the “FREE STUFF”
• Am I reviewing my server logs looking for log entries that pose an alarm and further investigate them thoroughly? Sometimes the automated programs like Solar Winds miss items like a cookie crumble or morsel, which will lead to a larger event. They say you are hacked six to nine months prior to the “Big Event” that takes place.
• Do I have a good backup of my critical data – in the case you are attacked are your backups working? Review the logs daily or at least weekly?
• The software is saying I have a good backup, “but” have you tested it? Test your backups with a restore at least monthly or quarterly. Like I tell my staff all the time - the one thing that will get you fired is not having backups and making sure they work! OBVIOUS!!!
• Document critical software and hardware and understand it thoroughly and in the case of a disaster your downtime will be minimal. Nothing I hate more in IT environment is “tribal knowledge” of one person who seems to have the answers and when they go on vacation or quit “you are stuck” and have to try under stress to get a hold of them and they magically get it fixed in five minutes! Document and then document some more. Then after you have documented – test that documentation on someone who has never seen or tried the software or process and have them truly test how good the documentation is. This is an ongoing process, in the end it will pay for itself in multiples of 100s.
► For example, I just had a network engineer leave for an opportunity closer to his home and because we documented all of his responsibilities and tested them, his departure had a very minimal impact on our department because we knew and understood what he did.
• Here is a BIG ONE – PAY ATTENTION FOR THIS ONE: “Educate your employees of their role in security of the companies data infrastructure”
► I had an experience not too long ago where a user came to the IT department and said he went to a supplier website from Japan and when he clicked on a link from the website, his whole machine started to do strange things. It was changing the items on his desktop to different extensions. What he had contracted was ransomware and it was encrypting his entire machine and would have spread to the entire network, however; his quick thinking said “remove it from the network” he unplugged his network cable. He was somewhat computer savvy and knew that he needed to do something and fast. We were able to redo his laptop and get him back running rather quickly. Damage very minimal.
I love this quote and it applies to my discussion in my article: “By small and simple things are great things brought to pass” – Alma
Paying attention to the little things makes all the difference!
Do not let “Obvious” slap you in the face, because it just may cost you your job!
Featured Vendors
Advanced Material Solutions (AMS): 'Next Level' Flaw Detection with SmartTest™ Advanced Resonance Inspection
Technology Coast Partners: Helping Latin American Manufacturers in their Digital Transformation Journey
Panasonic Factory Solutions Company of America: Computer-integrated Software to Streamline Manufacturing Processes
NDS Global: Delivers Integrated Enterprise and Digital Solutions for Next Generation Manufacturing C
Reveal: Increasing Investor Confidence and Customer Market Share with People, Processes, and Technol
Panasonic Factory Solutions Company of America Seamlessly Integrating Manufacturing Systems with Pan
Epalign: Committed To Building The Highest Levels Of Performance In Manufacturing Operations Todd An
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
Digital technology will be the key enabler for Finavia’s growth
Hybrid Programming –-Pandemic-based or here to stay?
What did my children teach me about life, business, and innovation?
Covid-19 Response From An It Perspective
The Changing Role of IT within Banking Sector
Utility Cios Must Plan For The Impacts Of Artificial Intelligence
