Is there an open-door policy on your network?

July 7, 2016|Abe Babler, Steve Hyde

Open-door policies with your manager are good. But open-door policies on your computer systems can be downright dangerous!

People want access to your network to gain financial information, payroll data, intellectual property—and they’ll do anything to get it. Oftentimes, the attacks on companies are multi-layered utilizing a combination of information or vulnerabilities to successfully compromise the information systems. The best defense? A multi-layered security strategy.

Establish strong information technology usage policies (including change management and patch reviews)

Up to 70% of IT security issues originate from internal staff not following uniform practices.

  • Determine who may have access to the systems and how they may be used, and ensure that every employee reviews the policy before they start working at the company.
  • Every time someone leaves the company or changes positions make sure your IT team is informed and that access rights are reviewed.
  • At least annually review the access rights of all of your users—you never know if someone just fell through the cracks...
  • It’s helpful to have an outside assurance firm perform a compliance audit or security assessment that can help determine if the internal controls are sufficient or if there are gaps that should be addressed.

Perform a vulnerability scan

This service utilizes tools to analyze computers, networks and applications for potential weaknesses. Hackers use these same tools to look for open ports within a network—potentially like finding an open door to help exploit your information. Using this tool can also help in creating a network inventory as well as verification of network security.

Have a penetration test performed

A penetration test uses a variety of methods for trying to exploit weaknesses in multiple areas (servers, web applications, wireless networks, mobile devices and more). Once a vulnerability is found, testers will attempt to compromise additional internal resources and dig deeper into higher levels of security clearance. A penetration test typically collects the vulnerabilities and presents them to IT and network managers to assist in prioritizing remediation efforts.

Companies are increasingly asking for social engineering tests to be performed alongside the penetration tests to determine if hackers can gain access by manipulating key information from employees themselves.

Having an ethical organization trying to hack into your computer systems provides a variety of benefits. Beyond identification and prioritization of vulnerabilities, the test helps your company meet regulatory requirements (and avoid fines), preserve your corporate brand and customer loyalty, and avoid costly downtime or litigation costs if a breach were to occur.

Run these tests regularly

This is especially important if new locations have opened, policies have changed, or if changes have been made within the IT infrastructure. Technology is constantly changing at an ever-increasing pace, and hackers are creating new methods to get to your sensitive data. In the past few years we’ve seen a massive increase of ransomware, malicious viruses that demand payment to release your data.

Contact Schenck’s Steve Hyde, director – IT consulting, at 920-996-1292 or Abe Babler, senior IT risk consultant, at 920-996-1490 for more information. It may be the best way to slam the door on a malicious hacker.


Steve Hyde, MS, MBA, chief information officer and director-information technology services, has more than 20 years of technology-related business experience including business process redesign, hardware/software assessment and implementation, PMO creation and project management methodologies, metrics/dashboard creation, and designing technology strategy and controls.

Abe Babler, MBA, is an IT Risk professional at Schenck with more than 17 years of professional experience in IT infrastructure and governance.