End of Year: Active Directory

In All by Alex Kallimanis

The end of the year is a great time to take stock of your IT infrastructure. Over the course of the year you have probably had some employees join, move within, or leave your organization. It is important to have your IT Administrator or managed services provider (MSP) perform an audit of Active Directory to maintain security.

User Privileges

A year in the life a business can see many changes. You might have found that a number of your employees have changed roles within the organization, and their permissions should reflect as much. Someone who moved from an entry level position to a managerial role should have higher access than when they started.  Likewise, if a staff member shifted departments their new permissions need to reflect their new place in the company. Also, if users have been added to or removed from your organization they should have their Active Directory permissions checked or deleted, respectively.

Software Privileges

As with users, the programs that an organization uses can change dramatically in a year. Maybe the software you’ve been using had a new Alpha release and the old program is taking up space. Or perhaps a new product has taken over where you had previously used something else. In either case these programs should be locked down, with their access rights revoked, in order to maintain the security of your data. As programs age they become vulnerable to hacks and exploits, which could put your information at risk. Programs that are no longer in use can also be taking up ports on your firewall. Ask your managed services provider to check on the status of programs with open firewall ports in order to clean up your network.

Prep Your Network

Many companies are implementing BYOD (Bring Your Own Device) policies for the workspace. This allows your end users the freedom of using their own computers, tablets, and smartphones for business use. However, if your network is not prepared for BYOD you might be compromising your data. An experienced managed services provider or IT administrator can tell you whether or not your network can support BYOD devices and the best ways to make sure that your proprietary data stays safe. Data security in BYOD situations can be strengthened in a number of ways. Changing the Wireless ID or password of your network will remove anyone with unwanted access, while giving guests a separate network ensures that they can’t get close to your data. Likewise, setting up password and device wiping protocols on handheld devices means that data won’t be compromised in the event of a lost or stolen device.

Understanding who and what is on your network is a good first step in Data Security. A yearly audit combined with the built-in tools of Active Directory allows you or your MSP to tailor your network to best suit your businesses’ needs.