Cyber threats are an everyday menace for organizations. It requires significant investments and resources to safeguard the environment; protecting assets, data and people. By identifying the potential risks and damages an establishment could experience, it is essential to put processes in place to assist with mitigation strategies.
Firewall and end point detection/remediation and other hardware defenses alone are not enough. There should be rules that restrict unfettered access to resources. Deploy the rule of ‘least privilege’, only allowing access to applications and data necessary to perform the job. These rules should be extended beyond users to include content filtering, email security, whitelisting/blacklisting, port blocking and other controls.
Software such as anti-virus, spam filters and use of secure browsers can aid in preventing attack penetration.
Exercise implementation of security best practices:
- Use strong passwords. Longer = stronger. Use a passphrase. It’s easier to remember and harder to hack.
- Use a unique password for each application. Enlist the use of a password manager to keep track of them.
- Use MFA to add an extra layer of protection.
- Stay up to date on firmware and patching all hardware, including end user devices. Keep software applications up to date.
- Implement an ongoing cybersecurity awareness program. Include phishing simulations that condition users how to recognize, and report, suspicious emails or other social engineering.
- Be sure to have backups of all critical data that is stored offline and off site.
- Stay on top of emerging threats.
- Create policies that will ensure everyone in the organization is compliant.
Should a cyber crook break through your defenses you will need to invoke your incident response plan. This can speed up the recovery process. Involve law enforcement if necessary and cyber risk insurance to assist with forensics and recovery.
Begin by conducting a risk assessment. This will help prioritize where the greatest need for protection should be, and to what level. Knowing what you have to protect will assist with deciding the best defenses to put in place.