In survey after survey, one of the most pressing computing concerns for SMBs is robust and effective IT security. The old saying that ‘you get what you pay for’ is entirely appropriate in this context, since when it comes to securing systems and networks, businesses would do well to pay for expertise. By moving to a managed programs model for the installation and maintenance of their software systems, small and medium sized businesses can have a true expert handling their needs. Such an expert will be privy to a whole host of tips and tricks that will never even occur to personnel who have limited understanding as to the way computers and networks actually work.
An IT support expert can do much more than merely follow instructions by the book, which may be the case with non-specialists handling company systems. Managed programs staff will know that most hacking attacks exploit the privileges inherent to administrator accounts. In most businesses, this is the default type of account since it offers some convenient features. These accounts, however, also represent a significant vulnerability.
Two IT solutions that can prove useful to help improve SMB computer security are renaming administrative accounts to obscure them, and eliminating them in their entirety. Malware that searches for accounts named ‘admin’ or ‘systemadmin’ will be stymied by either one of these strategies. The latter solution is more robust because it means that an employee processing daily workflow will be using a limited account that a drive-by website will find more difficult to manipulate.
Another useful technique is to install network services only onto ports that are considered “non default’ for that service. Most malware that exploits ports is written to work on default ports for a certain type of program or protocol. Simply by arranging programs to talk through alternate ports, these programs can be frustrated.
A similar trick on the server and workstation level is to install applications to user-created directories. Keeping all programs installed in the Windows-designated location may offer some convenience, but it opens the system up to world of attackers that expect it to be organized in precisely that way. The same is true for data; on a PC system, the first place most malware will look for personal files is in ‘My Documents.’ Setting up a personal documents folder in a directory called ‘Current Stuff’ located at the root level of a drive is a simple fix that will keep many attacks at bay.
IT support that uses a managed programs approach guarantees the SMBs will have access to personnel able to think outside the box in these and other creative ways.
IT Security Related Posts: