Trying to keep up with the latest security topics like Machine Learning, Artificial Intelligence and Anomaly Detection is enough to make your head spin. Knowing where to focus your cybersecurity efforts and where to spend your vital budget dollars can be a daunting task. The ugly truth is that many organizations are lacking the basic security practices which form the foundation of their security program. Considering that no defense is 100% effective, you may be wondering where to start. The below considerations are in no way an all-inclusive list, however addressing some basic, foundational and organizational security measures go a long way towards defending your organization. Consider the following:
Creating a security aware culture is vital. It means ongoing user training and educating yourself on the risks and dangers of the web. It's not enough to understand what phishing, malware and viruses are but you also have to understand how to react. Ongoing user training empowers users by reinforcing good behavior, and developing the tools needed to determine when you are being targeted. Elevating employee awareness can be enough to defend against common types of attacks like email phishing where victims are lured into providing sensitive information or clicking on fraudulent links to install malware.
Authorization and Authentication are important pieces to the security puzzle. Determining who should access your company’s data and ensuring the identity of users, is a critical challenge in protecting your organization's data. You have to ensure you have processes in place that limit access to sensitive data as well as processes which generate proper notifications upon role change or job termination. Without constant and proper review of access controls, organizations open themselves up to insider threats. This is applicable everywhere and is especially true in the Healthcare industry where 56% of incidents can be directly attributed to insider threats and privilege abuse (As reported by the 2018 Verizon Data Breach Investigation Report).
New vulnerabilities are discovered every day. During 2018 alone, there were over 16,000 new entries listed on the Common Vulnerabilities and Exposures (CVE) details website. Cybercriminals exploit known vulnerabilities at an alarming rate and many threats can be mitigated simply by keeping software and hardware up to date. A good rule of thumb is to patch promptly and patch often. Additionally, subscribing to various Cyber Threat Intelligence Feeds is a great way to stay informed of the latest vulnerabilities and malicious sources. There are both commercial and free open-source feeds available for use. Here is a link to a github post which describes several feeds available.
Encrypt sensitive data with strong encryption algorithms. Digital security has become vitally important to protect our data from cybercriminals. This includes encrypting data both in transit and while at rest. It is equally important to protect your database and file shares (data at rest) as well as the transmission of sensitive data and login credentials (data in transit). Proper encryption must be put into place to protect us in today’s complex world as we bank, shop, and do business over computer networks. One day you’re likely to be the victim of a breach. Strong encryption methods can render your data useless to thieves.
Multi-Factor Authentication (MFA)
People are notorious for being the weakest link in the cybersecurity chain. We are generally terrible at creating passwords. Despite continuous warnings, studies show that we frequently use the same or similar passwords across systems. This behavior, known as “password fatigue”, is the exhausting feeling experienced by people when required to remember an excessive number of passwords. As a result, many people resort to using one password for everything. Multifactor authentication (MFA) is a security system that requires more than one method of authentication. This system encompasses something you know (ex. Username and Password), something you have (ex. A token or one time pass code) and something you are (ex. fingerprint or retina scan). Implementing MFA can limit the damage that can be done if login credentials are lost or stolen.
Physical Security often takes a back seat to technical security controls within an organization. However, not all data theft happens online. Physical security measures are designed to prevent unauthorized access to facilities, resources and employees. If proper physical security controls are not implemented, all the technical controls in the world can't protect you. Access badges can be copied, and door latches can easily be slipped. In many cases, an intruder will go unchallenged if they look and act as if they belong. Proper tailgating policies and entry systems for restricted areas can help avoid unwanted guests from entering your facility.
Incident Response Procedures
Security incidents are a reality and knowing to respond to them is a must. Your incident response procedures or Your Incident Response Plan, must be explicit and readily available. Breaches occur daily and can cost millions of dollars as well as irreparable damage to reputation. Having a comprehensive and well-rehearsed IR Plan enables organizations to respond quickly and efficiently. Furthermore, exercising the IR Plan on a routine basis familiarizes staff with their roles and responsibilities. It also allows for continuous process improvement and targeted plan development.
Start At The Bottom, Climb To The Top
One recurring theme you may notice about all the above items is that they all require a continuous, proactive approach to your cyber security efforts. If you need help or don't know where to start, contact us today. Ask about an IT Security Controls Audit. See first-hand how this service can evaluate the technical, physical and administrative controls within your organization as well as provide a long-term roadmap to the further development of a solid security program.
Written by Aaron Moore
Aaron has over twenty years of IT experience spanning a variety of domains including: Banking, Agriculture, DoD and CPG industries. Aaron possesses his Security+ CE certification and currently serves as a Sales Engineer at TechGuard Security. In this role, he acts as the liaison between the sales and technical teams, matching client needs to the core capabilities. Aaron has served as a consultant for multiple Fortune 200 organizations, fulfilling roles in application development, database design and database administration. In his spare time, Aaron and his wife can usually be found at the baseball or soccer fields watching their kids play sports.