Securing our resources is critical. This blog will highlight what companies – both big and small – can do now, and in the future, to help protect their information assets.
While the whole world is still trying to maneuver its way through this pandemic, bad actors are still looking for a payday. Below are a few key things that you can do to help keep your users, data, and organization out of the crosshairs.
1) Review & Lock Down External Services
Make sure there is a business need for any systems and services that are open to the Internet. If there is no business requirement, restrict access. Additionally, consider requiring users to authenticate to the corporate VPN before accessing systems and services.
2) Perform Comprehensive Back-Ups With 'Offline' Back-Ups
Review your current back-up policy and procedures to ensure all of your business-critical data is being backed up appropriately. Make sure that you administer your back-ups separately from the rest of your environment, so that an attacker who gains control of production systems cannot reach them and ransomware cannot encrypt or delete them.
3) Ensure Software & Anti-Virus are Up-To-Date
Make sure you are forcing software and anti-virus updates to protect your environment from known threats.
4) Security Awareness Training for Users
Require all users to attend security awareness training when hired and on an annual basis. This training should include best practices on how to select strong passwords, avoid social engineering attacks, etc. Consider testing user awareness with periodic social engineering campaigns.
5) Restrict Admin Access & Avoid Credential Reuse
Restrict administrative access to only users who require it for business-critical functions. If a user needs administrative access, configure a separate 'admin' account for each user (e.g., msmith and adm-msmith). Additionally, make sure that no two accounts leverage the same password.
6) Enhanced Password Policy & Enforce Multifactor Authentication
Increase the minimum password length to 12 characters and prevent the use of 'dictionary' words in passwords. Additionally, ensure multifactor authentication is enforced on all Internet-accessible systems and services.
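As an added example (not code from the SEVN-X post), here is a small Python check that enforces the 12-character minimum and rejects dictionary words. It goes a step beyond the rule above by normalizing common character substitutions (so 'P@ssw0rd' is still caught) and by rejecting passwords that embed the username. The wordlist is a constructed stand-in for a real dictionary file.

```python
from typing import List, Optional

# Constructed mini wordlist standing in for a real dictionary file (assumption for this example).
DICTIONARY = {"password", "summer", "winter", "welcome", "company", "admin", "letmein", "dragon"}

MIN_LENGTH = 12

# Substitutions users commonly apply to slip a dictionary word past a naive check.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text: str) -> str:
    """Lower-case and undo common substitutions so 'P@ssw0rd' compares as 'password'."""
    return text.lower().translate(LEET_MAP)


def contains_dictionary_word(password: str, dictionary=DICTIONARY, min_word_len: int = 4) -> Optional[str]:
    """Return the longest dictionary word embedded in the normalized password, else None."""
    norm = normalize(password)
    for word in sorted(dictionary, key=len, reverse=True):
        if len(word) >= min_word_len and word in norm:
            return word
    return None


def check_password(password: str, username: str = "", dictionary=DICTIONARY) -> List[str]:
    """Return a list of policy failures (empty list means the password passes).

    Rules from the post: at least 12 characters and no dictionary words.
    The username check is an added generalization, not part of the post.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    word = contains_dictionary_word(password, dictionary)
    if word:
        failures.append(f"contains dictionary word '{word}'")
    if username and len(username) >= 3 and normalize(username) in normalize(password):
        failures.append("contains the username")
    return failures


if __name__ == "__main__":
    # Constructed sample passwords; 'msmith' is the example user from the post.
    for pw in ["Summer2020!", "P@ssw0rd12345", "correct horse battery staple", "msmith-Adm-2024x"]:
        print(pw, "->", check_password(pw, username="msmith") or ["ok"])
```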
Longer Term Fixes
1) Enhance Architecture to Address Current Landscape
Ensure that security concerns are considered and addressed with any updates to the technology environment (e.g., supporting a remote workforce).
2) Continuous Vulnerability Management
Build a process to continuously monitor for, and address, vulnerabilities present within the environment.
3) Enhance Logging & Monitoring Capabilities
Implement centralized logging and monitoring to assist in detecting and responding to security incidents.
4) Enhance & Test Incident Response Plan
Develop and implement an Incident Response Plan. Ensure that users are trained on their roles and responsibilities and consider conducting tabletop exercises.
5) Independent Testing of Environment
Find a trustworthy security partner to perform independent assessments against your environment to identify blind spots and opportunities for improvement.
Need some help?
Let us know. Feel free to reach out and we'll be happy to chat!
About the Authors
Ryan Bradbury, CISSP, OSCP
Principal Consultant & Cofounder
As a founding partner and principal consultant at SEVN-X, Ryan employs his training, experience, and expertise in helping organizations assess and protect their information security assets as well as respond to cybersecurity events. Ryan’s skillset has been forged from an extensive amount of field work—across various verticals—serving in both strategic and tactical security roles. SEVN-X requires all of its team members to be experts in information security and that starts from the top down.
Mark Keppler, CISSP, CISA, QSA
Information Security Leader & Advisor
Mark brings over 20 years of experience in IT Risk and Security including PCI DSS compliance, risk assessment, security frameworks such as ISO and NIST. Mark served as Chief Information Security Officer of a financial services company where he redesigned and revamped the security program. Mark has served as the interim or virtual CISO for several organizations and holds the CISSP, CISA, PCI QSA, and ISO27001 Lead Auditor certifications.