Our main activity in 2021 was making sure that the company is as secure as possible from an IT perspective. Although security is of paramount importance, it must be implemented in the least intrusive and most user-friendly way. If this is not done properly, employees will work against the system, reducing overall security. 2021 has been a record year for vulnerabilities found in software, and the amount of work required to reduce the risks has increased considerably. We have managed to close over 1000 vulnerabilities during this time.
While there is no perfect security, we have made some remarkable progress in this field as seen in the proof below:
Reducing the Security Exposure Score has also been a significant undertaking during the last year. We started off at 77% and managed to hit 20% by the end of the year, which leaves us in the low exposure range.
The Microsoft Secure Score has improved from 52% to above 88% during the last 12 months, thus ensuring a strong position in comparison with similar companies. This score represents a value that allows company management to assess the security posture at a high level and monitor improvements that have been implemented over time.
* Regular updating of the company servers and clients is done every month. We have spent around 100 hours making sure every single server is up to date.
* We have managed to stay ahead of the major security events of this past year. Some of these became viral due to their widespread presence and high vulnerability levels. Just to name a few: Log4j, PrintNightmare, Exchange Hafnium.
* All employees and guests are now required to use multifactor authentication when accessing company resources (SMS / Phone App required after password).
* We have removed all end-of-life servers from the company environment to eliminate software that is no longer being updated for security issues (10% of the server inventory).
* Constantly updating the software installed on computers has been one of the main concerns, with over 20.000 updates performed on different applications within the company.