Learn the step-by-step process of making delicious nitro cold brew [...]
Lesson Learned From Our Alarm Company Calling The Wrong Number
From a security standpoint, one often overlooked aspect is reconciling user accounts and regularly verifying the correctness of the information in our systems. Recently, we encountered a security incident at our storage units that were monitored by our alarm system. Despite the alarm going off, flaws in our communication and outdated contact information led to the failure of successfully responding to the potential threat.
The incident highlighted the need for constant checks and updates of contact information and the necessity to test alarm systems regularly. Similarly, on the IT side, it is crucial to reconcile user accounts and verify employees’ access to systems and applications. Employee departures can often cause inconsistencies and errors in account management, resulting in unnecessary costs and potential security vulnerabilities.
- Regularly reconcile and update user accounts and contact information in alarm systems and IT systems.
- Test alarm systems monthly to ensure they are functioning properly.
- Routinely request lists of users in applications to verify active employees and remove those no longer with the company.
Hear From Our
Read Our Reviews
Security Incident at CCS
When our storage unit was broken into, the alarm system was triggered, but several issues prevented us from receiving the notifications:
- The alarm company changed their outbound caller ID, which was unrecognized by our phones.
- Our contact numbers were outdated or incorrect in their records.
- The company had the wrong email address for us.
This incident highlighted the need for regular alarm system testing and account reconciliation. We have scheduled monthly tests for our alarm system and initiated communication with our alarm company to ensure accurate contact information.
On the IT side, account reconciliation is also crucial for the following reasons:
- Misaligned processes can cause failure in removing or disabling access for terminated employees.
- Forgotten or unnotified employee departures keep accounts active and incur unnecessary costs.
- Human errors or lack of communication can lead to unauthorized access to sensitive systems.
To mitigate these risks, we suggest the following actions:
- Monthly Alarm System Testing: Schedule regular tests to ensure the alarm system functions as intended.
- Contact Information Verification: Reach out to alarm and IT service providers occasionally to confirm that your contact details are accurate.
- Account Reconciliation: Periodically request lists of active users in various systems (e.g., Office 365, computer access, backups) and cross-check with your staff list to prevent unauthorized access.
We must stay proactive and remain diligent in maintaining the security of our systems and accounts. By taking these actions, we can minimize risks while ensuring smooth operations at CCS.
Alarm Response Failures
Inadequate Caller ID Management
- Outbound Caller ID changed by alarm company
- iPhone set to ignore unknown callers
- The alarm call went to voicemail
Failure to Contact the Primary Number
- The alarm company called the employee and spouse’s numbers
- The primary number, added a year and a half ago, was not called
- Communication disconnect at the alarm company
Incorrect Email Address
- The alarm company had the wrong email address on file
- Regular account reconciliation is not being performed
To prevent these issues, we recommend taking the following actions:
- Test our alarm system monthly
- Periodically verify contact information (phone numbers, email addresses) with the alarm company
- Schedule routine account reconciliations with your IT company to ensure up-to-date employee access and reduce unnecessary expenses on inactive accounts.
By staying proactive and scheduling these checks, we can avoid potential security gaps and ensure our alarm systems work effectively when needed.
Importance of Regular Reconciliation
Regular reconciliation of our accounts and systems is crucial for multiple reasons. It helps maintain accuracy and keeps our data up-to-date, which is essential, especially when dealing with sensitive information like employee details and security measures.
One of the key reasons for regular reconciliation is to avoid miscommunication during emergencies. For example, outdated contact details in an alarm company’s system might lead to untimely notifications, rendering the alarm system ineffective.
Consider the following steps to ensure regular reconciliation:
- Test your alarm systems: Schedule monthly tests for your alarm systems to verify their functionality and confirm the correct contact details with the alarm company.
- Review user access: Periodically request a list of active users for services like Microsoft 365, email, and backups to remove access for former employees, thus preventing unauthorized access and reducing unnecessary costs.
- Regular check-ins: Collaborate with your IT team and other service providers to review the account and access details, ensuring accuracy and up-to-date information.
- Proactive communication: Always notify relevant parties promptly when there are changes, such as employee departures or role changes, to maintain updated records.
Investing time in regular reconciliation of accounts, user access, and security systems is crucial for smooth operations and avoiding potential issues. Remember, we must be diligent and proactive in maintaining accurate, up-to-date records to guarantee everything functions as intended.
Testing Alarm Systems
It is crucial to test our alarm systems and reconcile our accounts regularly. We experienced an incident where our storage units were being broken into, and the alarm system was activated. However, we were not immediately informed of the situation due to outdated contact information and changes in the alarm company’s outbound caller ID.
This incident highlights the importance of conducting a monthly alarm system test. We have added a calendar item as a reminder to perform this essential maintenance. Additionally, we must update our contact information to ensure clear communication with the alarm company. This allows them to reach us promptly in case of emergencies.
On the IT side, such tests are equally important for account user reconciliation. Systems can become misaligned over time, and an issue may arise, such as employee discrepancies or outdated contact data. To avoid paying for unnecessary services or compromising system security, periodically request lists from IT companies. This can include lists of 365 account users, email account backups, and any other services.
Remember that your IT company does not have the data to know who is currently employed, so it is vital to maintain communication and timely updates on personnel changes.
Take the time to regularly test your alarm systems, check the accuracy of contact information, and keep your IT accounts up to date. This will help ensure a smooth and secure operation, giving you peace of mind and optimal efficiency.
IT Account Reconciliation
Addressing Process Failures and Employee Terminations
We cannot emphasize the importance of regularly verifying our IT accounts, especially when dealing with employee terminations. It’s not uncommon for an employee to be removed from some systems but not all, leading to mismanagement and potential security risks. So make sure to:
- Regularly check and update phone numbers, email addresses, and contact details
- Ensure terminated employees lose access to IT systems and accounts immediately
- Communicate any changes within the company to avoid misaligned information
Dealing with Unreported Departures
Unreported employee departures can result in paying for unused licenses and unnecessary support for inactive accounts. To mitigate costs and risks, we recommend:
- Periodically ask for a list of users in systems like Office 365
- Compare lists against current HR records to identify discrepancies
- Report any omitted employee separations to IT to remove them from the systems
Importance of Regular Account Reviews
Regularly reviewing our IT accounts can help identify misaligned information and ensure we follow best security practices. As part of our process, we should:
- Test vital systems, such as alarm and security setups, every month
- Request an updated list of user accounts, system backups, and email inclusions
- Coordinate with HR and IT to confirm the legitimacy of user accounts and access.
We hope implementing these procedures within our company will promote a more secure and streamlined environment for everyone involved.
Actionable Steps for Reconciliation
Consistently Schedule Checks
- Test alarm systems monthly
- Establish calendar reminders for regular security audits
- Include account reconciliations in security audits
Confirm Contact Details
- Periodically verify phone numbers and email addresses in security accounts
- Update contact information for any personnel changes
- Ensure primary contacts and their information are up-to-date
Obtain Access Records
- Request lists of users in accounts such as Microsoft 365 and other critical systems
- Validate user access against current personnel
- Notify IT support of any discrepancies and confirm their resolution
- Regularly review and update access to sensitive systems, especially after staff changes
In light of the recent security incident, it’s crucial that we consistently reconcile our accounts, test our alarm systems, and ensure that all contact information is accurate. To achieve this, we should:
- Test our alarm systems monthly
- Double-check all provided phone numbers and email addresses with the alarm company.
- Regularly request lists of users from our IT vendors to validate active employees.
As this experience taught us, it’s vital to maintain open communication and collaboration with our vendors to prevent similar occurrences in the future. Let’s take these lessons to heart and ensure we remain proactive in safeguarding our resources.
We appreciate your continued support and cooperation in enhancing our security measures. Best wishes for a great weekend, and as always, feel free to share and subscribe to our channel.
As we continue to emphasize the importance of security, we’d like to address the regular reconciliation of our accounts and users. This is vital in ensuring our systems are up-to-date and functioning efficiently. We recently experienced an incident where inconsistencies were discovered in our alarm monitoring system, prompting us to take immediate action.
In light of this, we recommend doing the following:
- Regularly reconcile accounts: Ensure your systems’ accounts and contact information are accurate and up-to-date. This includes alarm systems, email accounts, and other relevant platforms.
- Test your alarm systems monthly: Schedule regular tests to verify their proper functioning and responsiveness.
- Verify contact information: Make it a habit to confirm that the phone numbers and email addresses on file are accurate and still in use, especially for essential contacts in an emergency.
- Reconcile computer users and backups: Request a list of users and devices periodically to verify that only current employees can access your systems and that you are not paying for services for former employees.
- Coordinate with your IT support: Communication is vital regarding security. Regularly contact your IT support for confirmations and updates on users, system access, and other relevant information.
By performing these reconciliations, we can stay ahead of potential issues and ensure the security of our systems, data, and devices. Let’s work together to maintain a secure and efficient environment for our team.
Special thanks to our friends at SupercityOS in Halifax for their ongoing support.
Latest Blog Posts
Unlock unparalleled efficiency and innovation with CCS's comprehensive [...]
Accelerating Business Growth
Discover comprehensive IT services and expert information systems [...]