Four key things you should do to start improving your company’s cybersecurity
In a previous post, we addressed how to start putting together your cybersecurity strategy. To properly secure your data, you must understand what exactly you are trying to protect and identify your most exploitable information. However, developing a cybersecurity strategy can be a lengthy process. In this post we will address four things you should do right away as part of basic security for your company’s IT system.
Know what you have
You need to know what you are trying to secure.
Many businesses overlook this step. It’s important to know exactly which machines (desktops, servers, laptops, tablets and networking equipment) and users (individuals and service accounts) are included in your IT system.
Take that information and do the following:
Make sure all your equipment has the latest service packs and security updates.
Most users are surprised to learn that a lot of the issues they are experiencing with breaches are due to known security vulnerabilities.
Vendors are typically quick to update and patch vulnerabilities. However, you are missing out on a very low-cost fix if you don’t have them installed properly or don’t know how to install them.
Have some level of anti-virus software installed on all machines.
There is still a possibility that you will be breached or compromised even with anti-virus software, but some protection is better than none.
Put in place a password policy
All employee passwords should be complex and updated regularly. However, remember that passwords aren’t as useful as they once were.
Criminals can use a variety of tactics to access a password. Unsecured networks can leave your weak password vulnerable to attackers. Attackers can also guess simple passwords based on your digital footprint, steal files with the password on them or even use password recovery to reset it.
A good rule of thumb is to consider passwords used to access the system on premises (while physically in the office) as useful, but passwords used to access the system across the internet as much less secure.
Audit your users.
This includes both human and service accounts. Understanding which user accounts you have operating on your system allows you to minimize your attack surface.
Delete or disable old users and keep very strong passwords on service accounts. Too often we find breaches occurring because attackers were able to gain access using old user accounts and/or service accounts with weak passwords.
Having an updated and living network diagram with specific information showing equipment and an audited user account list is important.
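One way to run the user audit described above, as an added example that is not part of the original post: it reads an account export and flags enabled accounts that look stale and service accounts whose passwords have not been rotated. The CSV column names, the sample rows and both thresholds are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export (not real data). Column names are assumptions;
# map them to whatever your directory or identity provider exports.
SAMPLE_EXPORT = """\
account,type,enabled,last_logon,password_last_set
alice,human,true,2024-05-28,2024-03-01
bob,human,true,2023-09-14,2023-01-10
carol,human,false,2022-11-02,2022-06-30
svc-backup,service,true,2024-05-30,2019-04-12
svc-scanner,service,true,,2024-02-20
"""

STALE_AFTER_DAYS = 90        # assumed threshold; the article does not give one
MAX_PASSWORD_AGE_DAYS = 365  # assumed threshold for service accounts


def _days_since(value, today):
    """Days since an ISO date string, or None if the field is empty."""
    return (today - date.fromisoformat(value)).days if value else None


def audit_accounts(export_text, today):
    """Return {account: [findings]} for enabled accounts that need review."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, so it adds no attack surface
        issues = []
        idle = _days_since(row["last_logon"].strip(), today)
        if idle is None:
            issues.append("never logged on")
        elif idle > STALE_AFTER_DAYS:
            issues.append(f"no logon for {idle} days")
        if row["type"].strip() == "service":
            age = _days_since(row["password_last_set"].strip(), today)
            if age is None or age > MAX_PASSWORD_AGE_DAYS:
                issues.append("service password not rotated")
        if issues:
            findings[row["account"]] = issues
    return findings


if __name__ == "__main__":
    for account, issues in audit_accounts(SAMPLE_EXPORT, date(2024, 6, 1)).items():
        print(f"{account}: {'; '.join(issues)}")
```

Every account the script reports is a candidate to disable, delete or have its password reset; the list it produces is the audited user account list to keep alongside the network diagram.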
Secure your remote access
The traditional 9 to 5 work day is a thing of the past. It’s now vital for users to be able to access their systems (files, email and applications) away from the office. There are a variety of systems and applications that have been developed to achieve this goal, but they have also left many networks vulnerable to attacks.
We often find massive security holes in otherwise secure networks because the remote access system didn’t consider potential threats. Sometimes the specific threat didn’t even exist when the remote access system was adopted. This is true for in-house as well as cloud based systems such as Office 365.
When considering remote access for users, assume that at some point your system (on premises or cloud based) will be breached remotely if you rely on only usernames and passwords. Remember that usernames and passwords alone are not very effective regardless of complexity.
It’s important to have Multi Factor Authentication or MFA for remote access users. This means they will need a third or fourth unique identifier beyond their username and password. This could be your phone, a random number generator or whatever else your company chooses.
At 360 Smart Networks, we use four factor authentication. For any one of our users to gain access to the system remotely, they must have their username, password, iPhone and fingerprint all at the same point in time and space. Missing any one of these things will lock you out of the system.
Adopt the following policy as soon as possible:
Remote access to any system will only be allowed if a Multi Factor Authentication overlay is used.
This policy must be enforced for all systems that give users the ability to work remotely. Whether using Citrix, Terminal server, VPN or some other technology, MFA is a crucial part of the authentication process.
Understand that the most effective firewall, anti-virus and security system available is the human brain. A cautious and informed user will notice something is amiss much more effectively than any piece of software or hardware.
Socially engineered attacks are the most common cause of breaches. It’s easier to get information from a user than it is to actually build a system to steal it.
Sign up all your users for cybersecurity training. Make sure it is ongoing and covers all known and potential threats.
Cybersecurity training offers an ROI that cannot be beat, whether you choose to use in-person training, webinars or standard tests.
Backup, backup, backup
Assume that at some point in time something is going to fail. Criminals are constantly working at getting through existing systems and every once in a while they will get through. Make sure you have a plan B, an insurance policy in the form of a backup system. Make sure you understand your backup systems and plan accordingly. Remember that not all backup systems are equal.
Your backup system must:
- Not be directly connected to your network (same domain or attached storage like USB)
- Have an off-site copy
- Be encrypted
- Be checked for consistency daily
By implementing these four concepts and understanding how they interact with your system, you can attain 80 percent of the protection you need for 20 percent of the potential cost.
There are of course many more systems and protocols you can and should use for your business. As a bare minimum, make sure you understand what you have, secure your remote access with MFA, train your users and back up your data.