Cyber Defense Is All About The Offense


Best practices. Every organization has them, right? What employees should be doing in regard to topics X, Y, and Z. But do they exist for cyber security? Can they be found in the employee handbook? One would assume so, since in almost every organization, every employee has access to some form of technology – computers, servers, routers, Internet of Things (IoT) devices, or perhaps even their own devices under a bring-your-own-device (BYOD) arrangement. With the increased importance placed on technology in normal business practices, it is critical that employees understand best practices to maintain cyber security.

Best practices for cyber security

There are five major best practices every organization should be implementing to ensure their data and devices remain secure.

  • Keep all third-party applications and device operating systems (OS) updated
  • Implement a default-deny approach, also known as application whitelisting
  • Provide cyber security training for all staff
  • Conduct IT administration audits
  • Ensure proper backup procedures

Seems easy enough, right? Next, we’re going to take a deeper dive into each of these best practices, and how organizations can implement them for advanced cyber security.

Updates galore

If updating systems and programs went off flawlessly, there is no doubt organizations would be installing these updates in a timely manner. The fact is, installing updates may lead to additional issues for users. Therefore, testing is required before these updates are rolled out. Unfortunately, this testing may be time-consuming, and/or fall on the back burner if other IT needs take priority.

Companies are encouraged to have a designated IT staff member in charge of application and OS updates. Rolling out an entirely new OS will take time and significant testing. Updating your current antivirus shouldn’t take long at all. However, both should be tested to ensure there are no negative repercussions as a result. Now what if you only have one IT staff member? They likely don’t have time to conduct the testing or roll out the updates, but simply not doing it is not an option. These businesses should be looking into managed services options to assist with updating and patching their systems.

Application whitelisting

Implementing an application whitelist approach allows only known, trusted programs to execute on the server or endpoint the whitelist is installed on; anything not on the list is denied by default. Fortunately, there are antivirus programs that integrate this approach into their malware detection. Although completely changing your security approach may be intimidating, the rate of malware infections, including ransomware attacks, drops significantly with the use of an application whitelisting agent. Businesses are encouraged to find a security program whose vendor will not only help with the installation and initial deployment, but also provide ongoing support. Not every solution has this, so be sure to ask questions!
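The default-deny idea above is easiest to see next to the approach it replaces. The following is an added example, not code from the article or from any whitelisting product: it builds an allowlist from SHA-256 hashes of approved programs and contrasts it with a name-based denylist. The program files, their contents and the denylist entry are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed sample "programs" (file name -> contents). A real allowlisting
# agent hashes actual executables; short byte strings stand in for them here.
SAMPLE_PROGRAMS = {
    "payroll.exe": b"approved payroll application, build 1.0",
    "payroll-modified.exe": b"approved payroll application, build 1.0 + injected code",
    "unknown-tool.exe": b"program nobody in IT has ever reviewed",
}


def sha256_of_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved_paths):
    """Hash each approved program once, at deployment time; the hashes are the whitelist."""
    return {sha256_of_file(p) for p in approved_paths}


def is_execution_allowed(path, allowlist):
    """Default deny: a program may run only if its hash is on the allowlist.
    Anything else, including a modified copy of an approved program, is blocked,
    no matter what it is named."""
    return sha256_of_file(path) in allowlist


def denylist_would_block(path, denylist_names):
    """Contrast: a name-based denylist blocks only what it has already been told about."""
    return os.path.basename(path) in denylist_names


def demo():
    """Write the constructed programs to a temp dir and evaluate both approaches."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in SAMPLE_PROGRAMS.items():
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        allowlist = build_allowlist([paths["payroll.exe"]])
        denylist = {"known-malware.exe"}  # constructed: the unknown tool is not on it
        return {
            name: {
                "allowlist_permits": is_execution_allowed(p, allowlist),
                "denylist_blocks": denylist_would_block(p, denylist),
            }
            for name, p in paths.items()
        }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} allowlist permits: {verdict['allowlist_permits']!s:5}  "
              f"denylist blocks: {verdict['denylist_blocks']}")
```

Running it shows the point of the section: the approved build is permitted, the modified copy and the never-reviewed tool are both refused because they are simply not on the list, while the denylist lets the unknown tool through because nobody has added it yet. Hash-based lists do mean every legitimate update produces a new hash that must be approved, which is why the article's advice to pick a vendor that maintains support matters.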

Staff cyber security training

Human error is one of the biggest cyber security risks organizations are facing. It is also something that is, to a certain extent, unmanageable. People are not machines we can train to only click on certain things, or only visit certain pages. Understandably, the IT department can put restrictions on which websites employees can visit and which networks they have access to. However, it cannot control which emails employees open, or which attachments they download. This is why training is so important.

Users need to understand what the current threat landscape is, and what red flags they need to look out for to prevent falling victim. This training should be across the board for all employees – especially those with daily computer access, business email accounts, and employees with administrative access rights.

IT administration audits

Audits – ugh! No one likes them. It’s not a well-kept secret.

That being said, they can be incredibly helpful for identifying security holes and ineffective procedures, as well as optimizing various processes throughout the organization. IT administrative audits should take place every few years at a minimum, with continued procedures in place to monitor employee access rights, escalation procedures, disabling employee access post-employment, etc.

But how does this play into cyber security – specifically cyber attacks? Oftentimes, when a company experiences a malware attack, it begins with a single mouse click from an employee. Depending on that employee’s access, it may easily spread throughout the network. What if this person had access to systems they didn’t need access to, and now those systems are infected? It happens all the time. This confirms why monitoring network administrative rights is critical, primarily so that unnecessary rights can be disabled.

In addition, monitoring who has remote access to the company’s systems is imperative. As mentioned previously, the BYOD craze is in full motion. Giving anyone and everyone the right to remotely connect to company systems through their own computers or IoT devices is incredibly risky. IT administrators have no idea what, if any, security protection is on these devices. They also don’t know if the devices have already been infected. Putting controls in place to mitigate this threat is imperative.
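The three audit checks this section calls for (access still enabled after employment ends, administrative rights a role does not need, and remote access from devices IT cannot vouch for) can be run as a script over a directory export. This is an added example, not code from the article; the account records, the approved-admin role list and the remediation wording are constructed, and a real run would read the export from the organization's own directory service.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Account:
    username: str
    role: str                         # job role as recorded by HR
    enabled: bool
    is_admin: bool
    remote_access: bool
    managed_device: bool              # remote device enrolled in company endpoint management
    termination_date: Optional[date]  # None while still employed


# Constructed sample directory export; these are not real accounts.
ACCOUNTS = [
    Account("alice", "sysadmin", True, True, True, True, None),
    Account("bob", "accountant", True, True, False, True, None),               # admin rights the role does not need
    Account("carol", "sales", True, False, True, False, None),                 # remote access from an unmanaged laptop
    Account("dave", "developer", True, False, True, True, date(2023, 1, 31)),  # left the company, still enabled
    Account("erin", "support", False, False, False, True, date(2022, 6, 15)),  # left, correctly disabled
]

# Roles whose duties justify administrative rights (constructed policy; the real
# list comes from the organization's own role definitions).
ADMIN_APPROVED_ROLES = {"sysadmin"}

REMEDIATION = {
    "enabled after termination": "disable the account and revoke its credentials and sessions",
    "admin rights not justified by role": "remove from admin group; re-grant only via an approved request",
    "remote access from unmanaged device": "require an enrolled, patched device before remote access",
}


def audit(accounts, today):
    """Return (username, issue) pairs for every account that fails one of the three checks."""
    findings = []
    for a in accounts:
        if a.termination_date is not None and a.termination_date <= today and a.enabled:
            findings.append((a.username, "enabled after termination"))
        if a.is_admin and a.role not in ADMIN_APPROVED_ROLES:
            findings.append((a.username, "admin rights not justified by role"))
        if a.enabled and a.remote_access and not a.managed_device:
            findings.append((a.username, "remote access from unmanaged device"))
    return findings


def remediation_plan(findings):
    """Pair each finding with the corrective action the audit is meant to trigger."""
    return [(user, issue, REMEDIATION[issue]) for user, issue in findings]


if __name__ == "__main__":
    for user, issue, action in remediation_plan(audit(ACCOUNTS, date(2024, 3, 1))):
        print(f"{user:6} {issue:38} -> {action}")
```

The audit date is passed in rather than read from the clock so the same export can be re-checked against the day the report was produced. Scheduling this to run between the formal audits the article recommends turns a multi-year review into the continuous monitoring it also asks for.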

Data backups and backup procedures

Keeping timely backups of data is half the battle. Keeping those backups secure and having a procedure in place to restore any corrupted files is critical as well. Backups should take place every hour. Those backups should be stored either in the cloud, or on an external device. It is also imperative businesses have a disaster recovery plan. This plan covers events such as a natural disaster, a cyber security attack, or corrupted hardware. At a minimum, the disaster recovery plan should include where the backups are located, how they will be accessed, and who is responsible for the restoration process.
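A backup that is too old or that has quietly changed since it was written will not help when the restore procedure is invoked, so both conditions are worth checking automatically. The following is an added example, not code from the article: it writes a backup set with a manifest of SHA-256 hashes and a timestamp, then checks each set against the hourly cadence the article recommends and against its manifest. The backup contents, timestamps and directory names are constructed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone

# Hourly backups, as the article recommends, so a set older than this is stale.
MAX_BACKUP_AGE = timedelta(hours=1)


def file_hash(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def write_backup(dest_dir, files, taken_at):
    """Write a backup set and a manifest recording when it was taken and each file's SHA-256."""
    os.makedirs(dest_dir)
    manifest = {"taken_at": taken_at.isoformat(), "files": {}}
    for name, data in files.items():
        path = os.path.join(dest_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        manifest["files"][name] = file_hash(path)
    with open(os.path.join(dest_dir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh)


def check_backup(dest_dir, now):
    """Return (is_fresh, corrupted_files). A set older than MAX_BACKUP_AGE misses the
    hourly target; a file whose hash no longer matches the manifest cannot be restored
    with confidence."""
    with open(os.path.join(dest_dir, "manifest.json")) as fh:
        manifest = json.load(fh)
    taken_at = datetime.fromisoformat(manifest["taken_at"])
    is_fresh = now - taken_at <= MAX_BACKUP_AGE
    corrupted = []
    for name, expected in manifest["files"].items():
        path = os.path.join(dest_dir, name)
        if not os.path.exists(path) or file_hash(path) != expected:
            corrupted.append(name)
    return is_fresh, corrupted


def demo():
    """Constructed scenario: one fresh set with a silently corrupted file, one stale intact set."""
    now = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)
    data = {"ledger.csv": b"id,amount\n1,100\n", "customers.csv": b"id,name\n1,acme\n"}
    with tempfile.TemporaryDirectory() as tmp:
        fresh = os.path.join(tmp, "backup-1130")
        write_backup(fresh, data, now - timedelta(minutes=30))
        stale = os.path.join(tmp, "backup-0900")
        write_backup(stale, data, now - timedelta(hours=3))
        # Simulate bit rot or tampering after the fresh backup was written.
        with open(os.path.join(fresh, "ledger.csv"), "ab") as fh:
            fh.write(b"garbage")
        return {"fresh_set": check_backup(fresh, now), "stale_set": check_backup(stale, now)}


if __name__ == "__main__":
    for label, (is_fresh, corrupted) in demo().items():
        print(f"{label}: fresh={is_fresh} corrupted={corrupted}")
```

The manifest should travel with the backup to the off-site or cloud location the article describes, and the check should run from there: verifying only the local copy says nothing about what the restore procedure will actually find.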

Conclusion

There is no silver bullet when it comes to cyber security. Instead, there are pieces to the puzzle. Those pieces include keeping systems and programs updated, enhancing security measures with the use of an application whitelisting agent, staff cyber security training, IT administration audits, and backup data procedures. So, the question left to answer is, how many pieces of the puzzle are you missing?
