Prepare for Incidents
A cybersecurity incident may occur later today, or it may already have occurred. There is never going to be a better time to put the fundamental steps of incident response preparation in place than right now. You could wait until you feel you have made progress in other areas, but I recommend you schedule a recurring walkthrough of your incident response process instead. Put it on the calendar, then sit down with your team in a table-top exercise to review your communication plan, your escalation paths and the fundamental steps for handling an incident. Each time you perform this walkthrough, you will improve your capability. Including other important functions, such as business leadership, legal and corporate communications, in these exercises will also help you respond when the real thing occurs.
Increase Visibility and Identify Blind Spots
The adage that you can't protect what you don't know you have holds true. An inventory of systems and a solid understanding of what data you have and where it flows is essential, but you also need to know what you can see and what you can't. Start building a picture of what your environment includes and what you actually have the ability to observe (logs, network traffic, endpoint telemetry). Pay particular attention to the areas you lack visibility into, which may be outside your own network: vendors, partners, cloud services and other third parties. As with preparing for an incident, schedule time to review your field of view and your blind spots frequently, and keep learning where you lack visibility and what you can do to get a better view of your world.
Shore Up the Most Attacked Vectors
A general review of the various data breach and incident reports shows that users are attacked at a high rate. They are generally attacked by email, through phishing attempts, and by phone, through vishing attacks. Preparing your organization's users with practical training and tips for recognizing and avoiding these attacks, and then looking for ways to bolster your defenses with prevention technologies, is time and money well spent. A large share of these phishing and vishing attempts deliver malware as part of the attack. Basic anti-malware is a basic ingredient, but you may also need added protections. As a first fundamental step, make sure that anti-malware technology is deployed on all systems, that it is updated regularly and frequently, and that it scans in real time rather than only on a weekly schedule. It is also very important to understand that anti-malware on its own will not stop all malware; it has to fit into a layered approach of defenses. You wouldn't purposely walk across a firing range just because you were wearing a Kevlar vest, and you shouldn't feel bulletproof because you have anti-virus software.
Find and Fix Vulnerabilities
A good analogy for the importance of updates and patches is to think of your business as a ship. Every outdated application, weak security policy and unpatched program is another hole in the hull. With too many holes, your ship is soon taking on water, and safety and efficiency go down while the list of problems goes up. An active, efficient security program means you must patch regularly. Are there systems and programs you no longer use? Remove them. Are there vulnerabilities in firmware? Patch them. Are there weak configurations? Fix them. Outdated, obsolete software of any type is a surefire way to create needless vulnerabilities in your enterprise.
Consider Needed Technologies
Now that you are covering the essential functions, you can consider some useful protection technologies.
- Two-Factor Authentication – Two-factor authentication is a very effective way to immediately improve enterprise security by adding a second layer of protection to logins. Let's face it, passwords are hard. Users tend to reuse them, and because of data breaches that have already happened, many of the passwords your users will think up are already sitting in a breach database somewhere right now. So enable a user-friendly two-factor authentication technology as soon as you are able, and where you have a choice, prefer a method that resists phishing (an authenticator app or hardware key rather than SMS codes).
- Encryption – Once you know what your important data is, use encryption to protect it at rest, and encrypt communications between systems (for example with TLS) wherever possible.