Below is a collection of the tips we consider most important to keep in mind when protecting yourself from cyber threats. They include general recommendations for your business as well as some practical advice on how to improve your security posture.
1. Expect to be attacked
Don’t ever think you’re “not important enough” to be attacked. It doesn’t matter how small or big your organisation is, or how much important information you as an individual think you might have: if you’ve got money or data (passwords, client data, emails, etc.) you are an attractive target. In addition, recent ransomware outbreaks have shown that you don’t need to be a specific target to become a victim. Know your threats and your assets, perform some threat modelling exercises, and take practical precautions to protect what you can.
2. Back up your data frequently
Implement a rigorous backup regime to make sure you don’t lose your data in case of an attack; this is particularly pertinent with the rise in ransomware. Back up your data frequently and store it in multiple locations (offline) where infected systems wouldn’t be able to access it. Test regularly that the backups remain inaccessible to these systems and, most importantly, regularly test that the backups are being done correctly and that the data restoration procedures actually work.
3. Employ defensive technologies against malware
Have relevant policies in place and establish defences across your organisation that will make it harder to get infected and will block malware from spreading around your networks. Firewalls and email security products can block known malicious senders and strip known malicious attachment file types; ad-blockers and script-blockers in browsers can help too; and new isolation “sandboxing” technologies can prevent the download and execution of ransomware from phishing links, malvertising, web drive-bys and watering hole attacks.
4. Be careful with removable media
Malware can easily be spread through infected flash drives, external hard drives and even smartphones. Have policies in place to control all access to these removable media devices and make sure to scan any device for malware before plugging it into a computer. On particularly sensitive systems consider disabling removable media altogether.
5. Monitor user accounts and limit privileges
Your employees should only be allowed access to the information they need in order to do their job. Limit the number of privileged user accounts and monitor user activity. Have a list of all accounts an employee has access to and remove their permissions when they leave the company.
6. Educate your staff and test their awareness
Make your employees aware of the cyber threats they might face, both at work and at home. Make it clear to them why they are an attractive target for cyber attackers and how they can detect suspicious activity.
Explain which types of information they should not be sharing with third parties or on social media and explain to them the concepts of social engineering and phishing. Illustrate how malware can be spread, why password security is important and why they should steer clear of public wireless networks in hotels, trains or cafés. Perform phishing and other assessments to test your employees’ awareness and validate that the education you are providing is effective.
7. Have mobile management policies in place
If you have employees working on the move or from home, it is important to have policies in place that will protect any sensitive corporate data in case of a mobile device being lost, stolen or compromised. Many corporate mobile devices, such as laptops, phones or tablets, not only contain locally saved sensitive data (client contacts, emails, photos, documents) but are also connected to the company’s internal network through VPNs and workspace browsers, providing an attacker with a direct route to the heart of an organisation. Make sure to employ a suitable and robust Enterprise Mobile Management solution and policy, applying your secure baseline and build to all devices.
8. Monitor and test your networks
Continuously monitor all systems and networks to detect changes or activities that could lead to vulnerabilities. Use penetration tests and/or vulnerability assessments to identify weaknesses within your organisation’s IT infrastructure that would leave it open to exploitation, and use these exercises to tune your SOC’s detection and response capabilities.
9. Have an Incident Response plan in place
It is now accepted that security breaches will happen, so being adequately prepared to deal with them will go a long way towards minimising their impacts. Know what you’re going to do and how you’re going to do it, and make sure that you have the necessary information, materials, skills and capabilities to do it effectively. Test your Incident Response plan on a regular basis and, using a variety of different scenarios, see where improvements can be made.
10. Build strong cyber resilience
Actively learn from your experiences and build a strong resilience towards cyber-attacks. Adapt to risks before they materialise. Invest in a programme of regular testing, exercising, red-teaming and information sharing and grow progressively stronger by reducing threats, vulnerabilities and the impact a potential attack would have. A strongly resilient organisation will suffer fewer security breaches, those breaches that do occur will cause less harm, and it will recover faster.
Adapted from Context Cyber Security