We are pretty well aware of the malware risks that our users and family members face from spear phishing, watering holes, exploit kits, tainted downloads and so on.
As IT and security people, most of us like to think of ourselves as immune to these threats – we can spot a phish from a mile away. We would never download anything that would get us compromised. But the reality is that it does happen. To us. We don’t even realize that copy of WinRar was trojaned. And now we are off doing our jobs. With uninvited visitors watching. It happens. I’ve been there to clean up the mess afterward and it’s not pretty.
The computers that we use to manage IT systems and applications are some of the most sensitive in the average business. We ought to consider treating them appropriately.
Here are my recommendations:
- Perform administrative functions on a PC that is dedicated to the task, not used to browse the Internet, check email or edit documents.
- Isolate computers used for these administrative functions onto separate networks that have the minimum inbound and outbound access needed.
- Monitor these computers closely for signs of command and control activity.
- Consider how to implement similar controls for performing such work from home.
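
One way to act on the isolation and monitoring recommendations above, as an added example that is not part of the original post: it checks flow records from an admin network against an egress allowlist and flags destinations contacted at near-constant intervals. The subnet, allowlist, record format and sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumptions (not from the original post): admin PCs live in 10.50.0.0/24 and
# may only reach the management systems listed in ALLOWED_DESTS.
ADMIN_NET = ipaddress.ip_network("10.50.0.0/24")
ALLOWED_DESTS = {("10.10.1.5", 3389), ("10.10.1.20", 22), ("10.10.1.30", 443)}

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 10.50.0.11 10.10.1.5 3389
1060 10.50.0.12 203.0.113.77 443
1360 10.50.0.12 203.0.113.77 443
1661 10.50.0.12 203.0.113.77 443
1960 10.50.0.12 203.0.113.77 443
2259 10.50.0.12 203.0.113.77 443
1500 10.50.0.11 198.51.100.9 80
1200 10.20.0.8 203.0.113.77 443
"""

def parse(text):
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        yield int(ts), src, dst, int(port)

def egress_violations(flows):
    """Group timestamps of non-allowlisted flows leaving the admin network."""
    hits = defaultdict(list)
    for ts, src, dst, port in flows:
        if ipaddress.ip_address(src) in ADMIN_NET and (dst, port) not in ALLOWED_DESTS:
            hits[(src, dst, port)].append(ts)
    return hits

def beacon_candidates(hits, min_events=4, max_jitter=0.1):
    """Flag violations whose intervals are near-constant (check-in pattern)."""
    out = []
    for key, stamps in hits.items():
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_events and pstdev(gaps) <= max_jitter * mean(gaps):
            out.append(key)
    return out

if __name__ == "__main__":
    hits = egress_violations(parse(SAMPLE_FLOWS))
    print("not on allowlist:", {k: len(v) for k, v in hits.items()})
    print("regular-interval candidates:", beacon_candidates(hits))
```

On an isolated admin network any allowlist miss is worth a look; the interval check only helps rank which ones to investigate first.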
What do you do to protect your IT users?