Bad actors scan the internet continuously for easy targets and systematically try to both find and break into all systems they find using the internet.  Sometimes your users will be the ones to bring the attackers to your front door by visiting a malware website from a mass text message or spam message.   Attackers attack the weakest systems.  Don’t be the slowest antelope that they come across.

At a recent security webinar, attendees were reminded of some of the basic infrastructure security principles.  Some of these seem pretty fundamental but it’s always good to have a reminder to stay vigilant.   Here are the high points that might be valuable to remember often.

• Virus Protection is not enough.  The world is constantly changing and pattern-based virus protection is not enough to protect an organization.  Some of the most devasting malware and viruses are zero-day virus that haven’t been identified yet by antivirus vendors.
• Not all threats are file based.  Some are delivered via standard Windows tools, web browsing, and/or scripting without ever putting a rogue binary on your systems.
• If you are not automating patching and security, you are falling behind.  You need to have the vulnerabilities closed before they are exploited.
• You need to review logs and have appropriate monitoring.  Security is not a set it and forget it approach as the threats are constantly changing and evolving and examining logs will help companies pick up trends and abnormal activities.

Additionally, make sure you are taking backups but even more importantly, make sure you are testing your restores to make sure the backups you are taking are valid and your processes are understood and can be executed when needed.