Security Pitfalls When Setting Up Your Own Software
Sarah Northcutt, Account Manager Sophicity: We put the IT in city
It’s still tempting for cities (especially smaller cities) to roll up their sleeves, purchase some software to fill a basic need, and install it themselves. After all, there can’t be much to worry about. You don’t need IT professionals for that, right?
Wrong. As much as we admire a “go get ‘em” attitude, even the “simplest” software improperly installed can open you up to major security risks. As an example, Bitdefender published a recent article that described how lax security settings led to a sophisticated phishing attack against an Office 365 system that tricked users into giving up their usernames and passwords. As the article warns:
“...this isn’t the case of a hacker forging your email headers to pretend that the messages they are sending are
coming from your business’s servers. They really are originating from inside your company’s email system. A compromised business email system. If you don’t act now to harden your defenses and make it difficult for an attacker to breach your Office 365 system via this technique, then you have a ticking time bomb on your hands.” This warning applies not only to Office 365 but any software that you may attempt to install yourself. Here are some reasons why you need IT professionals to install, configure, and maintain even your most “basic” software.
1. Advanced administrative capabilities help IT professionals smoothly monitor and maintain software.
Today, quality software includes sophisticated administrative management tools that IT professionals understand how to use. For example, email software may include settings that involve storage limits and antispam filters. Document management software may include settings that involve retention schedules or permissions to access files. There are even administrative tools to manage compliance and user activity. All these administrative tools help IT professionals resolve issues, keep your city secure, and make sure you stay compliant with any laws and policies. 2. Security and privacy settings need careful attention.
When non-technical users set up their own software, it’s typical to find that the security settings are set to default. But also, and all too common, we find that non-technical users have set up full access and administrative rights for themselves and other users. This creates great risk. As a result, security needs to be tight.
IT professionals can navigate advanced security settings to help you with: • • • • • •
User access and authorization Password management Two-factor or multi-factor authentication Encryption Monitoring suspicious activity Taking specific actions after a security incident
3. Remote access needs careful attention. Non-technical people often unknowingly give unsecured, open access to their networks through software. Whether your staff uses their own laptops, smartphones, or tablets 28
SOUTH DAKOTA MUNICIPALITIES
