The real Costs of IT Security (exponentially GREater
when overlooked)

Recent events in which malicious actors compromised parts of IT operations at Colonial Pipeline help underscore the importance of keeping servers (and workstations) up to date.

Now more than ever (and ever-increasingly), it's absolutely vital for business(es) to keep their servers, workstations and infrastructure (networking equipment, and all online/networked devices) up to date. Especially when there is a known critical patch, and multiple sources are advising us to "run, don't walk," to get said patch(es) applied ASAP.

Some general considerations and guidelines for practical and practicable security basics are as follows:Don’t neglect security updates (mac OS included).

Understand Backup as a part of Security as a whole, and do observe the “3-2-1” rule.

Ideally users should not have local admin rights - while this might be thought of as debatable for macOS, we advise that if the devices belong to an institution, then we strongly recommend having this as policy (users are not an admin), barring a demonstrated business-case need.

“A/V” (Antivirus software) should be understood as only one piece of your overall security practices (one of many), in fact beware of checkbox-thinking or “set and forget it" which should never be (mis)applied to security.

Remember not to seek easy answers to a complex and ongoing concern, in particular it's important to understand that no one aspect alone is a panacea. The old saw "security is a journey, not a destination" is invaluable in helping to understand the ongoing investments needed to safeguard your technology, users and data.

These are but a few prominent (but critical) aspects of security for your IT and ongoing operations.

Background header image for this post by JC Gellidon on Unsplash