
Security Pitfalls When Setting Up Your Own Software
Sarah Northcutt, Account Manager Sophicity: We put the IT in city
It’s still tempting for cities (especially smaller cities) to roll up their sleeves, purchase some software to fill a basic need, and install it themselves. After all, there can’t be much to worry about. You don’t need IT professionals for that, right?
Wrong. As much as we admire a “go get ‘em” attitude, even the “simplest” software improperly installed can open you up to major security risks. As an example, Bitdefender published a recent article that described how lax security settings led to a sophisticated phishing attack against an Office 365 system that tricked users into giving up their usernames and passwords.
As the article warns:
“...this isn’t the case of a hacker forging your email headers to pretend that the messages they are sending are coming from your business’s servers. They really are originating from inside your company’s email system. A compromised business email system. If you don’t act now to harden your defenses and make it difficult for an attacker to breach your Office 365 system via this technique, then you have a ticking time bomb on your hands.”
This warning applies not only to Office 365 but to any software that you may attempt to install yourself. Here are some reasons why you need IT professionals to install, configure, and maintain even your most “basic” software.
1. Advanced administrative capabilities help IT professionals smoothly monitor and maintain software.
Today, quality software includes sophisticated administrative management tools that IT professionals understand how to use. For example, email software may include settings that involve storage limits and antispam filters. Document management software may include settings that involve retention schedules or permissions to access files. There are even administrative tools to manage compliance and user activity. All these administrative tools help IT professionals resolve issues, keep your city secure, and make sure you stay compliant with any laws and policies.
2. Security and privacy settings need careful attention.
When non-technical users set up their own software, the security settings are typically left at their defaults. All too commonly, we also find that non-technical users have set up full access and administrative rights for themselves and other users. This creates great risk, so security needs to be tight.
IT professionals can navigate advanced security settings to help you with:
• User access and authorization
• Password management
• Two-factor or multi-factor authentication
• Encryption
• Monitoring suspicious activity
• Taking specific actions after a security incident
3. Remote access needs careful attention.
Non-technical people often unknowingly give unsecured, open access to their networks through software. Whether your staff uses their own laptops, smartphones, or tablets to access software, danger exists if sensitive or confidential information gets stored on those devices. Suddenly, you’ve increased your risk of a data breach nightmare.
Solutions like a thin client, application streaming, or a VPN along with device and data encryption need to be considered when giving users remote access. These solutions avoid problems related to data leakage or theft while only giving users access to necessary aspects of the software for their work use.
4. Improper software installation and deployment can lead to security issues.
While this may seem the same as the second point above, it goes beyond simply setting up the software. When you install software, you’re installing it on servers and computers that may be unsecured or configured improperly. And when you deploy software, you are activating it within a network of switches, routers, and firewalls that may have security issues. Many variables exist when software interacts with an IT environment. IT professionals are familiar with such complex environments and can avert security issues related to installation and deployment.
5. Failure to patch and update software leaves you open to hackers.
This year, something that used to get treated as a technical, menial task has become part of front-page headlines in mainstream news publications. Why? Failure to patch and update software is at the root of companies losing data to ransomware (such as the WannaCry attack earlier this year) and even at the heart of the Equifax data breach—one of the biggest and most devastating data breaches ever. Software vendors regularly put out patches and updates but many organizations—including many cities—fail to apply those patches and updates. That failure leads to gaping security holes that hackers exploit. Their attacks lead to data breaches and data loss.
Maybe you could go it alone in the old days of technology, but today you need IT professionals to help you set up your software. Despite your natural technical know-how, there are just too many security risks that a non-technical employee may miss when setting up software.
