Between concerns of Iranian attackers disrupting computer systems and criminal cyber-gangs ransoming your data for cryptocurrency, cybersecurity threats can quickly become an overwhelming challenge for your organization to stay abreast of. Here is a list of our Top 10 recommendations and best practices that can help better protect your business from these rapidly evolving cyber threats!
1. Perform Regular Penetration Testing
Do you know where any gaps exist in your current IT infrastructure? Are there critical flaws in vendor software that need to be patched? Are your existing security controls adequate? The best way an organization can answer these questions is through regular Penetration Testing.
Penetration Testing, widely known as just pen-testing, is a security assessment consisting of analysis and a series of simulated attacks on a network, system or application to test its overall security posture. The objective is to penetrate an organization’s security defenses by looking for weaknesses or flaws that a malicious attacker could exploit to impact confidentiality, integrity, or availability.
The detailed reports created by these pen-testers will provide insight into the effectiveness of your security controls and give recommendations based on the findings of the engagement.
2. Create and Enforce a Patching Schedule
Patches are pieces of software that address one or more vulnerabilities and/or bugs discovered in a particular system, network, protocol or application. By regularly maintaining a system at the latest available patch level you dramatically reduce the likelihood that it can be attacked and compromised. While some hacking groups (most notably nation-states) may have zero-days, which are vulnerabilities that have yet to be addressed, regular installation of patches and updates will help prevent your organization from becoming an easy target.
3. Regularly Provide Staff with Training
Even the most secure systems in the world all share at least one serious vulnerability: an uninformed user. While Phishing accounts for some 90% of all data breaches, many organizations do not have adequate awareness training for their users.
Phishing emails are not as hilariously obvious as they once were, and attackers are getting more creative and believable every day. Making your users aware of the threats that exist, getting them to understand how to identify those threats and clearly defining a path for reporting them is a must.
The best way to mitigate the risks of phishing is through Security Awareness Training. Regularly talking to your employees about the latest scams and exploits of the internet will help foster an internal culture of security awareness.
4. Actively Monitor Your Infrastructure
Even if you do everything “right” there is always the possibility that you may suffer a cyber event or data breach. With the average cost of a data breach projected to exceed 150 million dollars in 2020 and with 43% of all cyber attacks targeting small to medium-sized businesses, there is no better time to keep a close eye on your infrastructure. Proactive monitoring of computer networks for anomalous activity can reveal a data breach unfolding in real time.
Managed SIEM/SOC (Security Information and Event Management / Security Operation Center) services provide a tremendous force multiplier for your organization to detect and respond to security events in real time and prevent a breach from occurring. With a solution such as Coretelligent’s CoreArmor platform, trained Security Analysts are able to flag, review, and act on these events in real time, dramatically minimizing the impact and scope of a data breach.
While most companies take nearly 6 MONTHS to discover a data breach, proactive review and monitoring are critical to your organization’s security posture.
5. Perform Vulnerability Testing
Vulnerability Testing is one of the best ways to validate that your patching schedule is effective and working as expected. A vulnerability scan can detect and classify system weaknesses in computers and networks and can predict the effectiveness of countermeasures, giving you regular insight into the vulnerabilities that may exist inside of your organization.
There are two main types of vulnerability scanning: authenticated and unauthenticated scans. An authenticated scan reveals vulnerabilities that are accessible to someone with credentials, while in an unauthenticated scan the scanner is run as an intruder would run it, without trusted access to the network. Such a scan reveals vulnerabilities that can be accessed without logging into the network or systems.
6. Have and Regularly Test a Disaster Recovery/Business Continuity Plan
Having only one copy of an organization’s data presents a substantial risk. Losing business data to human error, ransomware, system failure, natural disaster, or other potential threats could mean that it is gone forever, with disastrous results to the business. Protecting the integrity and availability of data is just as important as ensuring the confidentiality of that data. Regular off-site backup of information is critical to business viability in the event of a disaster.
Regularly testing those backups through restore testing is also a critical part of identifying problems such as potential downtime in a disaster or data corruption. The last thing you want is for the data to be unusable when you need to restore it.
In regard to backups, a simple strategy to remember is the “3-2-1 rule”: maintain at least 3 copies of your data at all times, on 2 different storage mediums or platforms (disk/tape, etc.), with at least 1 of them off-site/remote from the primary location.
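As an added example (not from the original post), the 3-2-1 rule and the restore-testing advice above can be turned into a check over a backup inventory. The inventory below is constructed for illustration; the 90-day restore-test limit is an assumed policy value.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class DataCopy:
    name: str
    medium: str                 # storage medium/platform, e.g. "disk", "tape", "cloud-object"
    offsite: bool               # physically or logically separate from the primary site
    last_restore_test: Optional[date] = None   # None for the live primary copy


def check_321(copies: list, today: date, max_test_age_days: int = 90) -> list:
    """Return 3-2-1 and restore-test findings; an empty list means the inventory complies."""
    findings = []
    if len(copies) < 3:
        findings.append(f"{len(copies)} copies; need at least 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append("all copies on a single medium; need at least 2")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    for c in copies:
        if c.last_restore_test is None:
            continue   # the live primary is never restored from; nothing to test
        age = (today - c.last_restore_test).days
        if age > max_test_age_days:
            findings.append(f"{c.name}: last restore test {age} days ago (limit {max_test_age_days})")
    return findings


# Constructed sample inventory (not real infrastructure): the cloud copy has not
# been restore-tested for months, so the check should flag it.
TODAY = date(2020, 3, 1)
INVENTORY = [
    DataCopy("file-server primary", "disk", offsite=False),
    DataCopy("on-prem appliance", "disk", offsite=False, last_restore_test=date(2020, 2, 20)),
    DataCopy("cloud vault", "cloud-object", offsite=True, last_restore_test=date(2019, 10, 1)),
]

if __name__ == "__main__":
    for finding in check_321(INVENTORY, TODAY):
        print("FINDING:", finding)
```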
7. Draft and Enforce Cybersecurity Policies
Cybersecurity Policies come in all different shapes and sizes and can cover a wide variety of topics and organizational controls. Having and enforcing policies such as a Written Information Security Policy, Incident Response Plan, Data Destruction Policy and more shows your employees, stakeholders and regulators that you’re taking Cybersecurity seriously. These types of policies remove the guesswork during an incident and allow an organization to assign roles and responsibilities, set expectations, plan for different types of scenarios, and contemplate tough decisions in advance rather than amid a crisis.
8. Deploy a Multi-Factor Authentication Solution
A strong Multi-Factor Authentication solution such as iDaptive or Duo helps mitigate the risks of password reuse and brute-force attacks by adding a second (and sometimes third or fourth) method to authenticate with, so that knowing only the password is useless: an attacker would also need access to whatever that second factor is. While attacks on organizations have become more complex over the years, basic attacks, such as email phishing, that can be done by almost anyone are still rather effective ways of gaining access to an organization’s most sensitive and critical information.
Protecting systems such as Remote Desktop and VPN as well as Cloud providers with Multi-Factor is an effective way to mitigate against these types of risks.
9. Take Better Care of your Passwords
Passwords protect access to an unbelievable amount of data and yet over 70% of employees reuse poor passwords at work! A 2018 study showed that while 91% of those polled know that reusing passwords is poor practice, 59% of them reuse the same passwords everywhere. Password reuse and poor password policy are a growing problem and organizations can do more to combat this!
Businesses can leverage technologies that check passwords against known-bad and leaked password databases, ensuring that your users are not making use of an easy-to-break password. Making sure that “Password Complexity” is enabled only does so much; leveraging such products can help make sure that users don’t have “Summer2019!” as a password.
The National Institute of Standards and Technology (NIST) makes publicly available many different standards, including the Password Guidelines covered in NIST SP 800-63, which presents the following recommendations:
- 8 character minimum
- All ASCII characters (including space) should be supported
- Allow at least 10 password attempts before lockout
- No complexity requirements
- No password expiration period
- No password hints
- No knowledge-based authentication (e.g. who was your best friend in high school?)
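An added example (not from the original post) that applies the NIST SP 800-63 guidance above in Python: a password check that enforces only a length floor, accepts all printable ASCII including spaces, and rejects anything found in a breached-password list, plus a lockout counter that refuses an account only after ten failed attempts. The breached list is a constructed stand-in for a real leaked-password corpus.

```python
import hashlib
import unicodedata

# Constructed, illustrative breached-password list. In practice this would be a
# large leaked-password corpus or a service that exposes one by hash.
BREACHED_PASSWORDS = {"Summer2019!", "password", "Password1", "letmein", "qwerty123"}
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper() for p in BREACHED_PASSWORDS}

MIN_LENGTH = 8            # SP 800-63B minimum for user-chosen memorized secrets
MAX_LENGTH = 64           # verifiers should accept at least 64 characters
MAX_FAILED_ATTEMPTS = 10  # allow 10 attempts before locking the account


def check_password(candidate: str) -> list:
    """Return the reasons a password is rejected; an empty list means it is accepted.
    Deliberately no composition rules, no expiry and no hints: only length and a
    breached-password lookup, as the NIST guidance recommends."""
    problems = []
    # NFKC normalization so the same visible string hashes identically on every client.
    secret = unicodedata.normalize("NFKC", candidate)
    if len(secret) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(secret) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    # Every printable ASCII character, including space, is allowed; only control
    # characters are rejected.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in secret):
        problems.append("contains control characters")
    digest = hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()
    if digest in BREACHED_SHA1:
        problems.append("appears in a known breached-password list")
    return problems


class LoginThrottle:
    """Per-account failed-attempt counter: lock only after MAX_FAILED_ATTEMPTS failures."""

    def __init__(self):
        self.failures = {}

    def record_failure(self, account: str) -> bool:
        """Record a failed attempt; return True if the account is now locked."""
        self.failures[account] = self.failures.get(account, 0) + 1
        return self.is_locked(account)

    def record_success(self, account: str) -> None:
        self.failures.pop(account, None)   # a successful login resets the counter

    def is_locked(self, account: str) -> bool:
        return self.failures.get(account, 0) >= MAX_FAILED_ATTEMPTS
```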
10. Conduct a Cybersecurity Assessment
A Cybersecurity Assessment provides insight into the types of risks that face your organization and whether the cybersecurity controls that are in place are effectively mitigating those threats. A cybersecurity assessment works by identifying, analyzing, and evaluating various information assets and identifies the various risks that could affect those assets.
Typically, a risk evaluation is completed as part of the overall cybersecurity assessment with the identification and reporting of compensating controls that would address the discovered risks. It is essential to continually review the risk environment to address any changes made and to maintain an overview of the organization’s overall security posture.