Annual Task List For IT and Cybersecurity Admins

Here we are stuck in the middle of the COVID-19 pandemic.  If you are working in Information Technology, then you are part of the Critical Infrastructure of this country.

Most of the tech support and cybersecurity peers I have been talking with over the last month have been pretty busy deploying Work From Home (WFH) solutions.  But if you are getting to a place where the demand for your services is diminishing, and you find yourself with time on your hands, here are some items that could use your attention.

A lot of people I know are using the WFH and Shelter in Place weeks as an opportunity to engage in some seriously overdue housekeeping chores.  Similarly, there are annual or periodic tasks that IT administrators can tackle during available downtime.

  • Security or compliance audit – These are usually done annually.  Check to see if you can perform any of your mandatory compliance audits, such as the PCI-DSS or HIPAA audits, early this year.  Voluntary audits could be performed ahead of schedule too.
  • Vulnerability assessment – If your business performs an annual vulnerability assessment, maybe you can get this out of the way ahead of schedule too.  Another good reason to test now is to see how well your network security stacks up during this WFH period.  Testing all the new remote endpoints may be a challenge, but could have significant due diligence value.
  • Review security and event logs – Or take a look at some of the low-level alerts that your syslog or SIEM is generating.  This is a great time to check if those low-priority alerts and threats you have been living with are really something more significant or dangerous.
  • Secure and test remote access technologies – This is especially important now that the systems are being stretched to the limit by WFH demands.  Maybe it's time to go back and double-check the configuration work that was done earlier for mistakes.
  • Update and schedule cybersecurity training – Bad actors and cyber-criminals are taking advantage of the chaos that COVID-19 has created to step up their attacks and exploits.  Many new campaigns are using COVID-19 phishing emails to trick end users.  This is a great time to update your training to include some examples of current phishing emails and attacks.  Your staff, especially the WFH staff, should be encouraged to review the new training materials.
  • Computer incident response plan updates – If your incident response plan did not include preparations for a pandemic, now is a good time to make that revision.  It is also a good time to review these sorts of plans, and update incident responder information and communication contact lists.
  • Operating system, firmware, and software updates – Updating and patching should be an ongoing process, but if your patch management has fallen behind, use this time to bring it up to date.
  • Systems maintenance – Bring in your vendors to perform systems maintenance tasks.
  • Review firewall rules and update firmware – Perimeter defenses are critical parts of your security program.  Make sure your systems are configured to deal with the current threat environment, especially any remote access and WFH configurations.
  • Directory services (AD and DC) cleanup – If your organization has laid off or furloughed employees, you should have disabled their user accounts and any system access.  This is also a great time to verify all the accounts in your directory services system.
  • Policy updates – This is a good time to review all your policies, starting with your Acceptable Use Policies, and any other special purpose system or network policies.
  • Research new products and services – If there are items on your wish list or technologies that are on your upgrade path, now may be a great opportunity to prepare for the future.

Are there other “housekeeping” administrative chores that you are planning to tackle right now?  If so, please leave a comment or drop us a line by email.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Comments

  1. Hyderabad Smiles  April 23, 2020

    I appreciate blog posts such as this one. I will surely follow a few of them. Keep writing such detailed blogs. Thanks for sharing
