Phishing, Ransomware, Breaches: Protect Your Organization

Bad actors will always be looking for a good payday. Below are a few key things that you can do to help keep your users, data, and organization out of the crosshairs.

'Quick'er Fixes

1) Review & Lockdown External Services

Make sure the organization has an accurate picture of what systems and services are open to the Internet. If there is no business requirement, restrict access. Constantly evaluate business requirements (e.g., is our Exchange server needed now that the organization as moved to Microsoft 365 and Exchange Online?) to keep the organization's attack surface as small as possible. Additionally, consider requiring users to authenticate to the corporate VPN before accessing systems and services.

2) Perform Comprehensive Back-Ups With 'Offline' Back-Ups

Review your current back-up policy/procedures to ensure all of your business-critical data is being backed-up appropriately. Make sure that you administer your back-ups separately from the rest of your environment to prevent a scenario where ransomware impacts your back-ups. Perform periodic recover tests to confirm that you can quickly, and completely, restore from these back-ups .

3) Ensure Software & Anti-Virus are Up-To-Date

Make sure you are forcing software and anti-virus updates to protect your environment from known threats.

4) Security Awareness Training for Users

Require all users to attend security awareness training when hired and on an annual basis. These trainings should include best practices on how to select strong passwords, avoid social engineering attacks, etc. Test user awareness with periodic social engineering campaigns. 

5) Restrict Admin Access & Avoid Credential Reuse

Restrict administrative access to only users who require it for business-critical functions. If a user needs administrative access, configure a separate 'admin' account for each user (e.g., msmith and adm-msmith). Additionally, make sure that no two accounts leverage the same password.

6) Enhanced Password Policy & Enforce Multifactor Authentication

Increase the password length to a minimum of 12 and prevent the use of 'dictionary' words in passwords. Additionally, ensure multifactor authentication is enforced on all Internet-accessible systems and services.

Longer Term Fixes

1) Enhance Architecture to Address Current Landscape

Ensure that security concerns are considered and addressed with any updates to the technology environment (e.g., supporting a remote workforce).

2) Continuous Vulnerability Management

Build a process to continuously monitor for, and address, vulnerabilities present within the environment. 

3) Enhance Logging & Monitoring Capabilities

Implement centralized logging and monitoring to assist in detecting and responding to security incidents.

4) Enhance & Test Incident Response Plan

Develop and implement an Incident Response Plan. Ensure that users are trained on their roles and responsibilities and consider conducting tabletop exercises.

5) Independent Testing of Environment

Find a trustworthy security partner to perform independent assessments against your environment to identify blind spots and opportunities for improvement. 6) Perform Risk Assessments Regularly

Confirm your control set is adequately protecting the organization by reviewing the key risks to the business.

Need some help?

Let us know. Feel free to reach out and we'll be happy to chat!