If you've had any money in the stock market, it's been a bloodbath the last few weeks. It's hard to remember that every 10-year period in stock market history has ended up with better returns than any other investment. As financial analysts argue over whether we are already in or just headed into a deep global recession, we are facing a rough, contracting period. People with good jobs are holding on to them tighter than ever.
And despite one well-sourced report to the contrary, most experts are predicting that IT spending is on the way down. In a period of falling revenues and expenses, each of us will be asked to do more with less. The heroes of this time will be those who save our companies money while improving security.
Regular readers are probably tired of me preaching to the converted, but I will posit my main security recommendation again: Spend more time on doing the basic things better instead of wasting money on unproven, guaranteed-to-fail, advanced security defenses. Here are some of the basics:
Inventory the hardware and software you have. I'm still surprised by how many companies do not have accurate inventories. How can you protect what you aren't even sure exists? If you know about all the hardware, do you have a list of all the installed software and services?
Remove unneeded software and services. Each installed software program and service is another potential attack vector. If it is not needed, disable or remove it. Simply not using it is not enough, because rogue malware can often launch and manipulate it.
Once you've got a minimized list of software, patch your software. All of it. This means operating system files, big applications, browser add-ons, utilities, and firmware. On the last point, security appliances, such as firewalls and anti-spam devices, often go unpatched for years. Appliances as well as the applications you purchased them for have underlying operating systems to patch. If your appliance -- or copy machine or multifunction printer -- can be contacted using an HTML browser, it means it is running a Web server, which also needs to be patched.
Review active user accounts and remove those that are no longer needed. Make sure all remaining users have only the least-privilege access necessary and secure passwords. Run a program to enumerate all the permissions to existing resources. You'll find people who have elevated access they shouldn't have. Secure passwords are long (10 or more characters) and are changed on a regular basis (no more than 90 days between changes). Disable weak password hashes (such as LM, Crypt, and so on) and move to stronger hashes (NTLM and BCrypt, for example).
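One way to run the account review above on a Unix host, as an added example that is not from the original column: it reads shadow(5)-format text and flags accounts with no password, a traditional Crypt (DES) hash, or a password older than 90 days. The sample entries, the `audit` and `scheme` names, and the choice of the shadow format are assumptions made for illustration.

```python
from datetime import date

MAX_AGE_DAYS = 90              # the column's maximum password age
WEAK_SCHEMES = {"des-crypt"}   # "Crypt" in the column; extend to match local policy
PREFIXES = {"$1$": "md5-crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
            "$2y$": "bcrypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt"}

# Constructed sample in shadow(5) layout: name:hash:last-change-day:...
SAMPLE = """\
alice:$2b$12$CONSTRUCTEDplaceholder:19850:0:90:7:::
bob:abCONSTRUCTED:19860:0:90:7:::
carol:$6$CONSTRUCTED$placeholder:19700:0:99999:7:::
svc:!:19000:0:99999:7:::
dave::19870:0:90:7:::
"""

def scheme(field):
    """Classify the password field by its format, without touching the hash."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if len(field) == 13 and "$" not in field:
        return "des-crypt"     # traditional crypt(3): 2-char salt + 11-char hash
    return "unknown"

def audit(shadow_text, today):
    """Return {user: [issues]} for every account that needs attention."""
    today_days = (today - date(1970, 1, 1)).days
    findings = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        user, field, lastchg = parts[0], parts[1], parts[2]
        kind = scheme(field)
        if kind == "locked":   # cannot log in with a password; skip
            continue
        issues = []
        if kind == "empty":
            issues.append("no password")
        elif kind in WEAK_SCHEMES or kind == "unknown":
            issues.append(f"weak hash: {kind}")
        if lastchg.isdigit() and today_days - int(lastchg) > MAX_AGE_DAYS:
            issues.append(f"password age {today_days - int(lastchg)} days (max {MAX_AGE_DAYS})")
        if issues:
            findings[user] = issues
    return findings
```

Run it against a copy of the real file with `audit(open(path).read(), date.today())`; reading the shadow file requires root.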