The threats are real. And they’re not just limited to big companies or organizations either. Very often, attackers are using bots to troll the Internet for vulnerabilities. When the bot finds the vulnerability (or an employee engages with a malicious actor), then the attacker exploits that attack vector. So, how do you protect your organization from being attacked? Here are a few common-sense cybersecurity tips.
Invest in User Education
Your people represent one of the largest attack vectors – not because they want to bring the organization down, but because they don’t know what they don’t know.
Unlike you, your employees don’t lie awake at night thinking about cybersecurity. Most of them are probably much more interested in Facebook than public key infrastructure. And while they may not fall for the “Nigerian prince” phishing email, they may fall victim to one that looks like a trusted colleague, vendor, or friend.
To mitigate this threat, you want to invest in high-quality cybersecurity education for your team. Make sure the curriculum is concrete, replete with good anecdotes, and be sure to follow up with good testing to make sure the concepts stuck.
Very often, attackers are using bots to troll the Internet for vulnerabilities. When the bot finds the vulnerability (or an employee engages with a malicious actor), then the attacker exploits that attack vector.
Understand the Threats
Many IT professionals started out in the industry doing things like network and system administration. While this provides them a good understanding of how the component parts of their networks fit together, many are less aware of the risks abounding on the Internet. You should know about some of the more common threats, such as phishing, malvertising, and browser injections. You should also follow security experts like us and OWASP in order to stay up-to-date on the threats facing your organization.
Practice Good User Account Management
While forcing users to use two-factor authentication or asking that they create unique passwords frequently can seem ‘annoying’ to users, good cyber hygiene is essential to reducing risk. With practices in place that require users to rotate passwords, VPN from outside the organization, and undergo compliance audits, even account compromises can be contained.
Keep Your Software Updated
Old software is fertile ground for attackers. Many attackers keep databases of software vulnerabilities, which they steer their malicious bots towards. As software companies identify their own vulnerabilities, they release patches to prevent exploitation. You should have a process for routinely updating your software to keep it current.
While keeping backups can’t prevent attacks, they can help to reduce the impact should one occur. Importantly, you want your backups to keep separate from your primary network so that the backups aren’t compromised if your network is.
Segment Your Network
Not all parts of your network are equally critical. But, an attack in one part of the network could harm another, more critical part of the network. A good practice is to thoughtfully segment your network and prevent interaction where it’s not necessary. A common, obvious example is using a ‘guest’ network for wifi connections for customers or vendors (or anyone who doesn’t “need” to be on your core network). Depending on your IT infrastructure, there may be other areas to segment your network. In this case, you’ll want to make sure you double down on cybersecurity infrastructure for the most critical parts of your business infrastructure.
Establish a BYOD Policy
We live in an age of personal device. Most of us can no longer imagine life without our smartphones or tablets. Yet, when these devices are on your network, a compromise can pose a threat to other devices on the network. If you don’t segment employee devices from your core network, you want to make sure you have policies about how devices should be allowed to interact with your network. In some cases, that may mean limiting access, requiring the use of security certificates, or even disallowing devices altogether.
Retire Old Devices & Services
As your organization grows and your business IT needs a shift, you may find that old device become obsolete or superfluous. When that happens, retire them and remove them from the network. Not only is it less to manage, but it also reduces access points and attacks vectors on the network.
Test Your People & Your Processes
As you become aware of new threats, you want to update your user education plan and roll out the information in a systematic way. In a sense, your user education “plan” is really more of a “process:” it’s never complete. As you roll out your education process, you want to make sure you’re testing its effectiveness consistently. For example, are people following the incident report strategy? Are they being properly encouraged? Is IT getting back to them quickly when a concern is reported? You may want to identify an individual whose job is to become a cyber hygiene trainer and is accountable for this part of your operation as a whole.
Encrypt Critical Information
In the event an attacker gains access to your IT infrastructure, you can reduce the risk of critical data loss by having it be encrypted in the first place. If your information is encrypted, the attackers won’t be able to gain access to the content of the information without the keys. At the very least, your most sensitive, confidential information should be encrypted.
Make Sure Your IT Infrastructure is Cyber-Insured
It’s impossible to mitigate 100% of the risk associated with cybercrime and data loss, even with the best people, processes, and technology. Standard insurance policies don’t cover the loss of data in the event of a breach. If an attack happens, your organization could be held liable to third-parties and lawsuits could be fiscally ruinous. Having cyber-insurance is an essential component of the modern organization.
Monitor Your Network(s)
You should know what devices are on your network at all times. You should also know how they typically interact with the network and be able to identify aberrant behavior. Your SIEM plays a vital role in this function. If unusual behavior is detected, make sure it’s addressed swiftly and decisively.