Here are 10 actionable tips that you can use to improve the overall cyber security posture of your organization, and also to protect against some of the most common attacks out there.
- Train your employees in security awareness. Humans are the weakest link that attackers take advantage of, which is why phishing is one of the most popular delivery methods for malware and ransomware.
- Watch out for weak, default, or compromised passwords. If you haven’t done so yet, enforce password policies for all the systems within your organization, including complexity and reuse checks. As soon as you deploy a new technology, piece of software, or device, immediately change its default password according to the defined policy. Also, you can check for compromised passwords here.
- Limit the exposure of sensitive protocols. Before opening a port to the Internet, ask yourself: is it really necessary? If yes, ensure that only authorized personnel can reach it by putting proper protection mechanisms in place, for example firewall rules, Access Control Lists, and VPN tunnels. Examples of network protocols and services that are considered sensitive and dangerous to expose are Remote Desktop Protocol (RDP), database logins (MySQL, MariaDB, and so on), Simple Network Management Protocol (SNMP), and Virtual Network Computing (VNC).
- Backup, backup, backup! If you have a good backup strategy that transfers and stores the data in the cloud, you can stop fearing ransomware. Try to move the backups to the cloud: if you still keep them within the network, there’s a higher chance of those being encrypted as well.
- Enforce Multi-Factor Authentication where possible. Besides passwords, you should enable one-time PIN, biometrics checks, smart cards, or USB tokens for all the accounts.
- Apply the Principle of Least Privilege. “The principle means giving a user account or process only those privileges which are essential to perform its intended function.” (Source: Wikipedia). In practice, it means that you should not give domain administrator rights to Ben, who is part of the sales and marketing department.
- Review from a security perspective. Check the configuration of network devices, servers, workstations, or any other device from a security standpoint. It is not OK to just say “It works”; you should be confident enough to affirm that “It works securely”.
- Keep things up-to-date. Operating systems, software solutions, and 3rd party libraries should be updated frequently, without questioning this.
- Improve defensive capabilities with Threat Intelligence. Maybe it sounds “too complex” for your organization, as I’ve heard many times before. In reality, it is very simple, especially if you start by just digesting the Threat Intelligence data shared within various online communities, such as OTX. Basically, you collect Indicators of Compromise (IoCs), which include IP addresses, file hashes, domain names, and URLs known for malicious activity. After that, you can import the gathered IoCs into your Firewall/IDPS rules to drop the bad traffic, or into your Anti-Virus/Endpoint Protection in order to block the files.
- Implement Data Classification. First, define a policy that addresses this issue. Second, ensure that information is being stored in different places based on its categorization, for example in different databases or cloud storage. Next, enforce classification of data-in-transit, for example by using the Sensitivity Labels in Outlook when sending an email.
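A small added example (not from the original post) of the Threat Intelligence tip above: it parses a constructed IoC feed of IP addresses, CIDR ranges, domains and file hashes, renders the IP entries as firewall drop rules, and screens a few constructed log lines against the indicators. The feed contents, the log lines and the iptables rule format are assumptions made for illustration.

```python
import ipaddress
import re
# Constructed sample feed and log lines (documentation IP ranges, placeholder hash), not real IoCs.
SAMPLE_FEED = """\
# one indicator per line; comments and junk lines are skipped
203.0.113.45
198.51.100.0/24
malicious.example
00112233445566778899aabbccddeeff
not an indicator
"""
SAMPLE_LOGS = ["fw ACCEPT src=198.51.100.23 dst=10.0.0.5 dport=443",
               "dns query=cdn.example rcode=NOERROR",
               "av scan file=invoice.pdf md5=00112233445566778899AABBCCDDEEFF"]
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]+\.)+[a-z]{2,}$")

def parse_feed(text):
    """Group feed entries by type (lower-cased); comments, blanks and junk fall through."""
    iocs = {"ip": set(), "hash": set(), "domain": set()}
    for value in (ln.strip().lower() for ln in text.splitlines()):
        try:
            ipaddress.ip_network(value, strict=False)  # single address or CIDR
            iocs["ip"].add(value)
        except ValueError:
            if HASH_RE.match(value):
                iocs["hash"].add(value)
            elif DOMAIN_RE.match(value):
                iocs["domain"].add(value)
    return iocs

def firewall_rules(iocs):
    """Render IP indicators as iptables DROP rules, one per address or CIDR."""
    return [f"iptables -A INPUT -s {ip} -j DROP" for ip in sorted(iocs["ip"])]

def match_logs(iocs, log_lines):
    """Return (line, token) pairs where a token hits a known network, domain or hash."""
    networks = [ipaddress.ip_network(ip, strict=False) for ip in iocs["ip"]]
    exact = iocs["domain"] | iocs["hash"]
    hits = []
    for line in log_lines:
        for token in re.split(r"[\s=,;\"']+", line):
            try:  # IPs are compared by network membership, everything else exactly
                known = any(ipaddress.ip_address(token) in net for net in networks)
            except ValueError:
                known = token.lower() in exact
            if known:
                hits.append((line, token))
                break
    return hits
```

The same `parse_feed` output can feed an endpoint-protection blocklist (the `hash` set) just as it feeds the firewall rules.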
I really hope that you will take into consideration and apply most of the tips described above.
Thank you for your attention, grateful to have it!