Who’s Been Playing Solitaire on the Domain Controller?

By Richard Brechwald • November 12, 2018

Who’s Been Playing Solitaire on the Domain Controller?

It’s a classic scene. You’re sorting through the attic and you end up browsing through old memories: photos from a forgotten road trip, souvenirs, and trinkets from your world travels, old board games you bought in a flash of excitement and only played once. Things you once loved, but that now sit unused, gathering dust and taking up space.

In the workplace, computer systems often end up cluttered in the same way. We end up with stacks of unnecessary software sitting around in files and folders where we’ve long stopped looking. But unlike the charming, nostalgic relics laying around the attic, that unused software sitting on your computer might be leaving you open to danger in the form of vicious cyberattacks.

Cybercriminals are constantly looking for ways into your system. Software like browsers (Firefox, Chrome, Edge), plug-ins (Java, Adobe Flash, Silverlight) and random applications (games, messaging apps, etc.) are well-known to be extremely vulnerable to malware and other forms of data hacking, particularly if they’re out of date.

This begs the question: how many useless apps are lying around on your system right now, putting your business at unnecessary risk? Here’s how to find out, and what to do about it…

Inventory Your Software Assets

The first step is to dig through your systems and figure out what’s absolutely necessary — and what’s not. If you have a contract that requires compliance with DFARS 252.204-7012, a software inventory is required, but further, it’s just common sense: You have to know what you have before you can protect it.

Nowadays, there’s an app for everything. Chances are that you and your employees have loaded up on them in an attempt to find more efficient ways to manage time, stay connected, or even have more fun at work.

That schedule management software you downloaded may have seemed useful at the time, but if it’s no longer in use then it’s time to send it to the trash.

Any piece of software not essential to your business should be considered potentially harmful and promptly cleared from your system. Delete software installers, remove unnecessary browser add-ons and extensions, and of course, make sure to update any apps that will be sticking around.

Eliminate Redundant Apps

There are so many solutions available for every problem that you’ll often discover you have several applications doing the same job. Figuring out what pieces of software are currently being used to solve the same problem can help you see where you need to cut the fat.

Do you need three browsers, or would one be sufficient? If you’re using Google Hangouts for video conferencing, do you need to have Skype on your system as well?

It’s also a good idea to take a look at the software that was already installed on your device when you took it out of the box. Known as bloatware, many new computers, tablets, and mobile devices come pre-packaged with lots of this third-party software to increase revenue for the vendor.

If you have bloatware on your systems, you might find that many of these extra apps have sat unused since day one. And some bloatware behaves like spyware, sending information about you and your system to outside agents without your knowledge. If they’re not currently in use, or they’re performing simple functions you can do through more essential applications, consider getting them off of your systems ASAP.

Limit Access

Sometimes system clutter grows out of control simply because we’ve given too many people the green light to do whatever they please. For this reason, it’s probably best to adopt a tougher approach to access privileges.

Keeping your systems clean and organized is undoubtedly easier if you allow fewer people to access and install software. Consider using special permissions to allow only top-level decision-makers to install new software. Carefully monitor who is adding new applications and require that they justify why these programs are needed. And finally, terminate dormant accounts so that hackers can’t use them to infiltrate your system and install harmful malware.

Get Superior Protection Today

If cleaning house feels like a major job, it’s time to call in reinforcements! CyberSheath’s comprehensive managed cybersecurity services can help you to conduct a professional software risk assessment, simplify your systems, and save you from putting your business at unnecessary risk. Contact Us now to find out how.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMC-AB vice chair Jeff Dalton to address CMMC Con 2021

The swiftness and severity of recent cyber attacks has dominated headlines and revealed that many organizations still don’t quite know what to do to protect themselves, as well as the businesses and government entities they’re connected to.   Ransomware attacks were a big point of discussion at the recent G7…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC Con 2021 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.