The biggest headache for WA-based safety footwear company Steel Blue’s systems administrator, Daniella Rietdijk, has been dealing with the threat of staff accidentally clicking on spam emails.
Rietdijk, who oversees the IT needs of all 60 employees of the company, told Computerworld Australia that while she was happy with the company’s three-year-old SonicWall intrusion prevention, anti-spam and content filtering offering, spam still managed to pass through on rare occasions.
“I always tell them that as soon as they see a dodgy email, they should let me know,” she said.
“Unfortunately, sometimes spam gets through the filter, such as ones that look like they are from Microsoft.
“Some users have clicked on spam, opened the .exe file and got a virus on their computer, which puts our data at risk so I’m always wary of who is out there trying to hack into us.”
Rietdijk said that, thanks to her training workshops, most staff were now aware of the security threats, but some external sales staff were sometimes a bit naïve about opening emails.
To help protect external sales staff, a virtual private network (VPN) has been set up to connect them to Steel Blue’s server so they can access Web documents.
“Luckily I haven’t had anything major happening with regards to someone downloading a really bad virus,” Rietdijk said.
As well as accidental internal threats, Rietdijk said she was constantly thinking about overseas intrusions. Before the implementation of the SonicWall three years ago, there had been a number of attempted attacks on the Steel Blue terminal server.
According to Steel Blue, this problem was compounded by a locked-down Cisco integrated services router that included a firewall with limited security features. Since then, the company’s servers have been closed off to the outside world.
“Going forward I think we will have to increase our level of security because the hackers are getting smarter every day,” she said.
“They will eventually write programs that will find our passwords [on the servers] so we will need to upgrade our security again.”
The company is currently bedding down an enterprise resource planning (ERP) rollout, which took 18 months to complete and went live on 1 April, 2011.
“We’ve gone from an old green screen that sat on one server to this huge ERP system that needed seven servers,” Rietdijk said.
“It was supposed to go live on 1 November last year but we didn’t realise how much work was involved, but since we’ve moved onto it there have been no issues.”
Next on Rietdijk's agenda is replacing 10 PCs and 10 laptops by February 2012 with new Microsoft PCs and laptops.
“We haven’t replaced a lot of the hardware for a long time due to the global financial crisis [in 2007],” she said.
“That meant nothing was replaced unless it stopped working.
“Since then, I’ve made the request in my IT budget that computers need to be replaced every three years because I get complaints about slowness and things going wrong.
“Every day I have a break/fix scenario with a lot of the users so I’m looking forward to upgrading everyone from the XP operating system.”
She added that trying to troubleshoot XP issues on some PCs was becoming harder because the OS was different from Windows 7.
As Rietdijk is the sole internal IT staff member, she relies heavily on external provider, Trusttech Australia, for security management. However, Steel Blue is looking to expand the IT department internally and appoint a help desk person within the next two years.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au