What are the most common issues affecting security and compliance?
Here we'll be talking about three of the most common security and compliance issues that you should be looking out for.
Security and compliance are of paramount importance when ensuring your end-user IT service is of a high standard. These may not affect end-users' day-to-day, but the disruption caused by a potential compliance issue or security breach will certainly affect their experience should it happen. And so the security readiness of your computer environment is really important to have a handle on.
1. Disk encryption not enabled
We found in our analysis of over 1000 customer environments that over half of desktops do not have disc encryption enabled, and almost one in 10 laptops do not have disc encryption enabled. We also found that nearly a third of desktops have no secure boot enabled and over one in 10 in laptops. If there is BitLocker enabled but no secure boot, then Bitlock is not secure. This is a big issue for security!
Someone can literally break in, steal your desktops or laptops, and access all your data. Disk encryption is something every laptop must have enabled, and it is good practise to do so also on desktops. In Windows, this means BitLocker, and on macOS, is having File Vault turned on.
However, not all Windows laptops and desktops have the required hardware, which is the Trusted Platform Module needed for BitLocker. Some consumer versions of Windows also do not support BitLocker, which is an example of the importance of ensuring that the right version of Windows is installed.
2. Unnecessary admin rights
In our analysis of over 1000 customer environments, one in six desktops and one in five laptops were carrying additional admin rights. For Windows, there have always been two main rules for building a secure system: First, you need to have secure boot and BitLocker or strong physical security. And second, you must not be using admin rights at all in daily use. Unnecessary admin rights granted to users make your environment less secure and more difficult to manage.
Some users may have legitimate reasons for admin rights, for example, software developers. And there might be some special software that cannot be run with normal user rights. But often unnecessary admin rights are given and then forgotten about and not reset, even if they're not needed anymore.
There exist software products that you can use to grant temporary admin rights to users in controlled manner that alleviates the need to give permanent admin rights even in those special cases.
3. Critical security updates are not installed
If you're in end-user IT, you're used to pushing out security updates using your IT management tools. But how can you be sure that they've successfully installed?
It is all too common for IT management tools to report that security updates are installed where in fact they've been pushed out, but not successfully installed at all. One reason for this may be the case that users never shut down or reboot their computers and therefore updates don't have a chance to happen. You should verify that security update process is working and that end-users start and restart their computers on a regular basis so that these updates can be installed.
As seen in a shared sample of computer environments using a Applixure, there are 102 devices here that have not been restarted for at least a month and up to three months. It's important to be on top of these devices to ensure they're fully up to date and secure.
