
12 Best Cybersecurity Practices in 2021

August 30, 2021 by Blair Technology Solutions Inc.

Today’s sophisticated threat environment requires comprehensive security capabilities spanning prevention, detection, and remediation. However, for many small to midsized organizations whose IT teams have already been stretched too thin trying to keep the lights on, creating an effective cybersecurity and resilience plan seems daunting. As recommended by the Canadian Centre for Cyber Security, organizations should apply the 80/20 rule (achieve 80% of the benefit from 20% of the effort) to mitigate most cyber threats through awareness and best practices in cyber security and business continuity. In this blog post, we will explain some best practices and security controls that can help you prioritize and get the most out of your cyber security investments.

1. Perimeter Security

Perimeter Security is the practice of placing controls at the boundary of the network to protect data and resources. Firewalls, routers, DNS, VPNs, etc. are all part of perimeter security solutions designed to secure and monitor the connections between a trusted network and an untrusted or public network.

As the first line of defense against an outside attacker, you need to develop a comprehensive perimeter security architecture based on a current network topology diagram representing both the logical and physical design of all connections to and from all service networks. Since a stand-alone firewall is no longer enough against today’s more complex threats, perimeter security requires additional solutions such as IDS/IPS, network monitoring, Security Information and Event Management (SIEM), and SSL/TLS decryption to form a layered perimeter defense.

2. Secure Configuration / System Hardening

Many systems ship with a known guest account or default password; such known elements should be changed or disabled before production use to reduce the system’s attack surface. This practice is called system hardening. What is hardened, and to what level, varies with the operating system, installed applications, and the system’s use and exposure. Controls commonly used to harden a system include:

  • File system permissions

  • Access privileges

  • System services

  • Configuration restrictions

  • Authentication and authorization

  • Logging and system monitoring
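The following script is an added example, not from the original post: it audits an sshd_config-style text against a small hardening baseline and shows a permissive configuration beside its hardened form. The baseline values (and the two configurations) are constructed for illustration; a real baseline would come from the vendor or a CIS benchmark.

```python
"""Hardening audit of an sshd_config-style text (added example; the baseline
values below are constructed for illustration, not from the original post)."""
import re

# Constructed baseline: directive -> (expected value, why it matters).
# For MaxAuthTries the expected value is treated as an upper bound.
BASELINE = {
    "PermitRootLogin": ("no", "direct root logins defeat per-user accountability"),
    "PasswordAuthentication": ("no", "prefer key-based authentication"),
    "PermitEmptyPasswords": ("no", "empty passwords are a known default weakness"),
    "X11Forwarding": ("no", "disable services that are not needed"),
    "MaxAuthTries": ("4", "limit password guesses per connection"),
    "LogLevel": ("VERBOSE", "needed for meaningful login monitoring"),
}

# sshd_config accepts "Key value" and "Key=value"; try the '=' form first so
# "Key = value" does not leave the '=' inside the value.
SPLIT_RE = re.compile(r"\s*=\s*|\s+")


def parse_sshd_config(text):
    """Return {directive_lowercase: value} for the global section.

    sshd uses the first occurrence of a directive, so later duplicates are
    ignored. Directives after a 'Match' header apply only conditionally and
    are not evaluated by this audit.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = SPLIT_RE.split(line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)       # first occurrence wins
    return settings


def audit(settings, baseline=BASELINE):
    """Return a list of (directive, actual, expected, reason) findings."""
    findings = []
    for directive, (expected, reason) in baseline.items():
        actual = settings.get(directive.lower())
        if actual is None:
            findings.append((directive, "(not set)", expected, reason))
            continue
        if directive == "MaxAuthTries":
            ok = actual.isdigit() and int(actual) <= int(expected)
        else:
            ok = actual.lower() == expected.lower()
        if not ok:
            findings.append((directive, actual, expected, reason))
    return findings


WEAK_CONFIG = """\
# Constructed example of a permissive configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
MaxAuthTries 10
Match User backup
    PasswordAuthentication no
"""

HARDENED_CONFIG = """\
# Constructed example of the same host after hardening
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
LogLevel VERBOSE
"""


def report(name, text):
    """Print and return the findings for one configuration text."""
    findings = audit(parse_sshd_config(text))
    print(f"{name}: {len(findings)} finding(s)")
    for directive, actual, expected, reason in findings:
        print(f"  {directive}: is {actual!r}, expected {expected!r} ({reason})")
    return findings


if __name__ == "__main__":
    report("weak", WEAK_CONFIG)
    report("hardened", HARDENED_CONFIG)
```

Note that the `PasswordAuthentication no` inside the `Match` block of the weak configuration does not rescue the global setting; the audit stops at the `Match` header, which is also the point where a human reviewer should start reading conditionally.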

3. Patch Management

Malicious individuals or groups are constantly looking to exploit newly published vulnerabilities to attack computers, servers and networks that carry these weaknesses. That’s why it is recommended to only run current, vendor-supported operating systems for which security patches are made available in a regular and timely fashion. Available security patches, upon release by the vendor, should be tested and then applied to production systems on a schedule appropriate to the severity of the risk they mitigate.

4. Security Software & Malware Protection

Malware is hostile, intrusive software code that seeks to invade, damage, or disable computers, servers, networks or mobile devices without the owner’s consent. It includes computer viruses, worms, trojan horses, spyware, ransomware, etc. A system infected with malware is likely to suffer from slow response, malfunctions, data loss, or a hidden infection that goes undetected until it causes harm later. To protect against malware, choose solutions that offer the following capabilities:

  • Anti-malware Software for detecting and disabling malware before it causes harm

  • Application Whitelisting, so that only software known to be trustworthy can execute

  • Application Sandboxing for executing untrusted software in an environment that controls access to other data
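As an added example of the application whitelisting item above (not code from the original post), the script below keys an allow-list by file content hash rather than by file name, then classifies a constructed directory of "binaries": an untouched approved file, a renamed copy, a modified copy that kept its approved name, and an unknown program. All file contents are constructed for the demo.

```python
"""Hash-based application allow-listing check (added example, not from the
original post). The files written by demo() are constructed for illustration."""
import hashlib
import os
import tempfile


def sha256_of_file(path):
    """Stream the file so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved_paths):
    """Map content hash -> approved name. Keyed by hash, not by path, so a
    renamed copy of an approved binary is still allowed and a modified copy
    under the original name is not."""
    return {sha256_of_file(p): os.path.basename(p) for p in approved_paths}


def classify_directory(directory, allowlist):
    """Return {filename: 'allow' | 'block'} for every regular file in directory."""
    verdicts = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            verdicts[name] = "allow" if sha256_of_file(path) in allowlist else "block"
    return verdicts


def demo():
    """Build a constructed approved set and endpoint directory, then classify."""
    with tempfile.TemporaryDirectory() as staging, tempfile.TemporaryDirectory() as target:
        # Constructed 'binaries' approved by the organisation
        agent_bytes = b"MZ constructed approved backup agent build 1.2.3"
        tool_bytes = b"MZ constructed approved report tool build 4.5.6"
        agent = os.path.join(staging, "backup-agent.exe")
        tool = os.path.join(staging, "report-tool.exe")
        with open(agent, "wb") as f:
            f.write(agent_bytes)
        with open(tool, "wb") as f:
            f.write(tool_bytes)
        allowlist = build_allowlist([agent, tool])

        # What actually sits on the endpoint: an untouched copy, a renamed copy,
        # a modified copy keeping the approved name, and an unknown program
        endpoint_files = {
            "backup-agent.exe": agent_bytes,
            "rt.exe": tool_bytes,
            "report-tool.exe": tool_bytes + b" (modified)",
            "updater.exe": b"MZ constructed program nobody approved",
        }
        for name, data in endpoint_files.items():
            with open(os.path.join(target, name), "wb") as f:
                f.write(data)
        return classify_directory(target, allowlist)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:5}  {name}")
```

The design point is that trust attaches to the content, not the name: a renamed approved file still runs, while a file that kept an approved name but changed by a single byte is blocked.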

5. Email Security

Organizations from all industries are facing an increasing number of targeted and sophisticated email attacks such as phishing attacks, ransomware, and malicious attachments. A Secure Email Gateway (SEG) is an email security tool that scans incoming, outbound, and internal email communications for any sign of malicious attachments or URLs. Some core features to look for in an email security solution include:

  • Spam filtering

  • Virus and malware protection

  • Phishing protection

  • Admin controls and reporting

6. Security Awareness Training

Everyone is familiar with the three pillars of cybersecurity: people, process and technology. However, most companies typically invest in just one area, technology, and fail to recognize that the most significant security risk remains the human factor.

Security Awareness Training is the best way to begin protecting your organization from the ever-changing threat landscape. By providing your staff with the knowledge required to recognize and react to cyber threats, you are creating a shift in employee mindset and implementing behavioural change, which will lead to reduced human error and an improved cybersecurity posture.

7. Access Control

In many cases, the combination of a user ID and a password is all that is required to gain access to systems and critical information throughout an organization. It is therefore imperative that policies and processes are in place to ensure that authorized individuals are granted the minimum amount of access (least privilege) required to perform their job function. To minimize opportunities for attackers to leverage account credentials, consider the following recommendations:

  • Use Multi-Factor Authentication (MFA) wherever you can to add a further layer of protection, so that even if a password is stolen your data stays protected

  • Enforce strong and complex password policies

  • Monitor and audit logs for successful and failed login attempts for systems or services
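The last recommendation, monitoring successful and failed login attempts, is easier to act on with a concrete detection. The script below is an added example (not from the original post) that parses constructed sshd-style auth log lines and flags two patterns: a source address with many failures inside a short window, and a successful login from a source that had just accumulated failures, which is the trace a guessed password leaves. The log lines, host name, user names and thresholds are constructed; the addresses come from the reserved documentation ranges.

```python
"""Login-attempt monitoring over sshd-style auth log lines (added example, not
from the original post). The log lines below are constructed; the IP addresses
are from the reserved documentation ranges."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log: a burst of guesses from one source that ends in a
# success, one ordinary typo-then-key-login, and one clean login.
LOG = """\
Aug 30 10:00:01 gw sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Aug 30 10:00:03 gw sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Aug 30 10:00:05 gw sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Aug 30 10:00:07 gw sshd[1004]: Failed password for alice from 203.0.113.5 port 40004 ssh2
Aug 30 10:00:09 gw sshd[1005]: Failed password for alice from 203.0.113.5 port 40005 ssh2
Aug 30 10:00:12 gw sshd[1006]: Accepted password for alice from 203.0.113.5 port 40006 ssh2
Aug 30 10:15:00 gw sshd[1007]: Failed password for bob from 198.51.100.7 port 50001 ssh2
Aug 30 10:15:20 gw sshd[1008]: Accepted publickey for bob from 198.51.100.7 port 50002 ssh2
Aug 30 11:00:00 gw sshd[1009]: Accepted publickey for carol from 192.0.2.9 port 60001 ssh2
"""


def parse_log(text, year=2021):
    """Syslog timestamps carry no year, so the caller supplies one."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                       # other sshd messages are not needed here
        stamp = " ".join(m.group("ts").split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "outcome": m.group("outcome"),
                       "user": m.group("user"), "ip": m.group("ip")})
    return events


def analyze(events, threshold=5, window=timedelta(minutes=5), min_prior=3):
    """Flag (a) sources with >= threshold failures inside one window and
    (b) a success from a source with >= min_prior failures in the preceding
    window. Thresholds are constructed defaults; tune them to your environment."""
    findings = []
    failures = defaultdict(list)           # ip -> failure timestamps, in order
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] == "Failed":
            failures[ev["ip"]].append(ev["ts"])
            continue
        prior = [t for t in failures[ev["ip"]] if ev["ts"] - t <= window]
        if len(prior) >= min_prior:
            findings.append({"type": "success_after_failures", "ip": ev["ip"],
                             "user": ev["user"], "prior_failures": len(prior),
                             "at": ev["ts"]})
    for ip, stamps in failures.items():
        start = 0
        for end in range(len(stamps)):     # sliding window over sorted stamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                findings.append({"type": "brute_force", "ip": ip,
                                 "failures": end - start + 1,
                                 "window_start": stamps[start]})
                break                      # one finding per source is enough
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_log(LOG)):
        print(finding)
```

Bob's single failed password followed by a key-based login is below both thresholds and produces nothing, which is the behaviour you want from a rule that will run over a whole day of logs.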

8. Backup

Data backups are a critical piece of the effort to ensure quick recovery not only from cyber security incidents such as ransomware or malware but also from natural disasters, equipment failures or theft. The importance of backup can’t be over-emphasized; yet it remains one of the best-known and least implemented security controls.

To ensure you have a robust backup solution, you need to determine what business information is essential and how frequently this information changes. For example, critical workstations and servers may require daily incremental backups, whereas standard desktops may be recovered from one common image. You should also consider where your backup data is stored, whether on-premises, at an offsite location, or in cloud services. Backups should be retained for one to three months and restoration should be tested periodically, on an annual or more frequent basis.
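Two of the points above, retention and restore testing, are worth seeing as code. The following is an added example, not the post's or any vendor's implementation: each backup records a content hash per file in a manifest, a restore is verified against that manifest, and a retention routine prunes backups older than a cutoff while always keeping the newest. The file names, dates, 120-day history and 90-day retention in `demo()` are constructed for illustration.

```python
"""Backup manifest, restore verification and retention pruning (added example,
not from the original post). Files, dates and the retention period used in
demo() are constructed for illustration."""
import hashlib
from datetime import date, timedelta


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def make_backup(files, taken):
    """Record a hash and size for every file so a restore can be verified
    later. `files` is {name: bytes}; `taken` is a date."""
    return {"taken": taken,
            "files": {name: {"sha256": sha256(data), "size": len(data)}
                      for name, data in files.items()}}


def verify_restore(manifest, restored):
    """Compare a restored file set against the manifest and return the
    problems found. An empty list means the restore test passed."""
    problems = []
    for name, meta in manifest["files"].items():
        if name not in restored:
            problems.append(f"missing: {name}")
        elif sha256(restored[name]) != meta["sha256"]:
            problems.append(f"corrupt: {name}")
    for name in restored:
        if name not in manifest["files"]:
            problems.append(f"unexpected: {name}")
    return problems


def prune(manifests, today, keep_days=90):
    """Keep backups taken within keep_days, plus always the most recent one.
    Returns (kept, removed), each ordered newest first."""
    newest_first = sorted(manifests, key=lambda m: m["taken"], reverse=True)
    cutoff = today - timedelta(days=keep_days)
    kept = [m for i, m in enumerate(newest_first)
            if i == 0 or m["taken"] >= cutoff]
    removed = [m for m in newest_first if m not in kept]
    return kept, removed


def demo():
    """Constructed scenario: 120 daily backups, 90-day retention, two restore tests."""
    today = date(2021, 8, 30)
    source = {"ledger.db": b"constructed ledger contents",
              "config.yml": b"key: value\n"}
    manifests = [make_backup(source, today - timedelta(days=d))
                 for d in range(119, -1, -1)]          # oldest first
    kept, removed = prune(manifests, today)

    # Restore test against the latest backup: a clean restore, then one where
    # a file came back truncated and another did not come back at all
    latest = kept[0]
    clean = verify_restore(latest, dict(source))
    bad = verify_restore(latest, {"ledger.db": source["ledger.db"][:5]})
    return {"kept": len(kept), "removed": len(removed),
            "clean_restore": clean, "bad_restore": bad}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A restore test that only checks the job "completed" would have passed the truncated file; comparing content hashes is what turns the annual restore exercise into evidence.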

9. Mobile Devices

The use of mobile devices to access SaaS-based email and collaboration tools is essential to many businesses to boost communication and productivity. However, securing these devices and providing training on best practices for privacy and security is often overlooked. To minimize the risks posed by mobile devices, you need to take steps to secure sensitive information and corporate IT infrastructure access from these devices. Some recommendations include:

  • Enforce separation between work and personal data on mobile devices

  • Educate employees to download apps from trusted sources

  • Have the ability to track and remotely wipe a lost or stolen device

  • Keep the OS updated

10. Zero Trust

The concept of Zero Trust assumes all users and devices, whether inside or outside the corporate network, are untrustworthy. Building a Zero Trust model means knowing, understanding, and mapping out each resource and component of your architecture across your computing services. This includes all users, devices, services, and data sources that access or traverse your network.

An organization should monitor and collect device logs and network traffic data to ensure availability and performance. An organization should also analyze the collected data to identify rogue devices and malicious activities. The collected data and analytics can serve to help you improve security policy creation and enforcement.

11. Incident Response Plan

Is your organization prepared to respond to a data breach or a cyber-attack? If not, be ready because it will happen someday. And when it happens, how quickly you react and respond to the incident will make or break your business.

According to the National Institute of Standards and Technology (NIST), an Incident Response Plan provides “the instructions and procedures that an organization can use to identify, respond to, and mitigate the effects of a cyber incident”. Your incident response management should include the following three core elements:

  • Incident Response Policy: sets the standard of behaviour for activities, such as organizational structure and the definition of roles, responsibilities and levels of authority

  • Incident Response Plans: include the guidelines that describe how to fulfill those policies, for example communication plans and metrics for measuring effectiveness

  • Incident Response Procedures: specific step-by-step instructions to execute individual processes, for example Standard Operating Procedures (SOPs) for action and specific technical processes

12. Managed Security Services

With increased data distribution across the network, proper security is beyond the capabilities of many organizations. Multiple products from multiple vendors may be required to secure an attack surface, including on-premises, cloud, mobility, and IoT environments. Many organizations simply can’t afford the additional controls required to secure this new attack surface, and those who can, may quickly realize they lack the in-house staff and skill sets to properly manage them.

According to IDC, Managed Security Services is the around-the-clock remote administration and/or monitoring of IT security functions delivered by remote personnel at security operations centres (SOCs) operated by a third party. Activities such as patch management, managed endpoint/antivirus, managed firewall/unified threat management (UTM), and managed SIEM are performed on cloud and on-premises devices. Businesses that work with a Managed Security Services Provider see benefits including improved cybersecurity performance and efficiencies, reduced mean time to detect, and increased visibility across all security controls.

Blair Technology Solutions is at the forefront of this security-first digital transformation movement. With over 25 years of experience, Blair can help you identify existing security threats and how to mitigate them, and work with you to build a proactive IT security strategy.