Since the beginning of the pandemic, ransomware and other cyber attacks have increased. Meanwhile, millions of people have gone from working in offices to working remotely. Organizations are increasingly relying on video conferencing, virtual private networks (VPNs), and remote desktop protocol management tools.
Many business owners believe that the way to reduce these risks is to invest in new and larger solutions. However, it is just as important to revisit the most common best practices, such as password policies, least-privilege access, patching, and more.
Let’s look at some of these best practices that you can use to assess and control current risks.
Adopt the zero trust model
It is time to change the way we think about and address emerging cybersecurity issues. Many people believe their defenses are strong enough that they can overlook small issues and focus only on the obvious holes that would be easy targets for attackers. Today that mindset keeps you one step behind the attackers. Instead, change the approach by adopting the zero trust security model.
Instead of assuming that everything behind the corporate firewall is secure, the zero trust model assumes that breaches will occur and verifies every request as if it came from an untrusted network. The zero trust attitude is “never trust, always verify.”
Under the zero trust model, you authenticate and authorize every access request, checking who is asking, from which device, and for what, before granting access rather than after. That makes it easier to detect and respond to unusual behavior or an attack, because the request is blocked before it reaches the network. Apply the principle of least privilege on top of this so that a verified user still gets only the access they need.
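The following is an added illustration, not code from the original article: a deny-by-default access decision that applies the three ideas above (authenticate every request, check device posture regardless of network, and allow only what the role explicitly needs, with step-up MFA for crown-jewel data). The role table, resource names and the `Request` fields are hypothetical.

```python
"""Zero trust style access decision for a single request (added example)."""
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool
    device_compliant: bool   # managed, patched, disk encrypted (assumed attestation)
    network: str             # "corp" or "internet": deliberately NOT used in the decision
    resource: str
    action: str


# Hypothetical least-privilege allow-list: role -> set of (resource, action).
# Anything not listed is denied.
POLICY = {
    "support": {("ticket-db", "read")},
    "finance": {("ledger", "read"), ("ledger", "write")},
}

# Hypothetical crown-jewel resources that always require a second factor.
SENSITIVE = {"ledger"}


def evaluate(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every check runs for every request,
    whether it arrives from the office LAN or from a home Wi-Fi network."""
    # 1. Identity: an unauthenticated request is rejected outright.
    if not req.user:
        return False, "unauthenticated"
    # 2. Device posture: an unmanaged or unpatched device never gets in,
    #    even when it is physically inside the corporate network.
    if not req.device_compliant:
        return False, "device not compliant"
    # 3. Least privilege: the role must explicitly allow this resource/action.
    if (req.resource, req.action) not in POLICY.get(req.role, set()):
        return False, "not authorized for action"
    # 4. Step-up authentication for sensitive data.
    if req.resource in SENSITIVE and not req.mfa_verified:
        return False, "mfa required"
    return True, "allowed"


if __name__ == "__main__":
    # Constructed sample requests: the first is allowed, the others are denied.
    samples = [
        Request("alice", "finance", True, True, "internet", "ledger", "write"),
        Request("alice", "finance", False, True, "corp", "ledger", "read"),
        Request("bob", "support", True, False, "corp", "ticket-db", "read"),
        Request("bob", "support", True, True, "corp", "ledger", "read"),
    ]
    for s in samples:
        print(s.user, s.resource, s.action, "->", evaluate(s))
```

Note that `network` is carried in the request but never consulted: that is the point of the model. A request from the office with a non-compliant laptop is denied, while a fully verified request from the internet is allowed.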
The insider threat
The biggest cyber threat to any organization is its own people. An IBM report found that insiders were behind 60% of cyberattacks, whether on purpose or by accident. Many employees make simple mistakes: visiting malicious websites, plugging compromised USB drives or other personal devices into work machines, or sharing sensitive information and credentials with someone else. In addition, there are malicious insiders who intend to do harm.
Here are some steps you can take to reduce the risk of insider threats:
- Set a least-privilege policy: Limit employee access to only the resources they need. Do not allow people to reach crown-jewel data offline or from a personal device with nothing more than a username and password. Provide adequate identity and access security so that remote access is possible when needed, but require strong authentication before granting access to critical data.
- Set a secure device policy: In the pandemic, a mobile workforce makes a lot of sense, but security is the main concern. There are many ways attackers can get at unprotected devices, including lost or stolen hardware. Employees may not comply with company BYOD or acceptable-use guidelines, or may connect over an insecure Wi-Fi network. A strong device policy is essential, covering application installation control, antivirus updates, proper patch maintenance, remote data-erasure procedures, and encryption of data at rest and in transit.
- Provide cybersecurity risk training to employees: Everyone can take part in promoting digital security, and training helps reduce the threat of scams and phishing attacks. Regular training goes a long way toward preventing employees from falling for them.
Third-party risk management
External vendors often have access to their customers’ critical systems and sensitive data. But many vendors do not match the level of cybersecurity measures and precautions implemented by large organizations. This is one of the main reasons attackers have turned their attention to external service providers: they use them as a stepping stone to reach larger targets.
There are a few common threats from external vendors:
- Misuse of privileges: Third-party vendors may misuse their access privileges and reach data they are not supposed to see. To counter this, apply proper access control when granting access to providers.
- Data theft: There is a high risk of data theft by third parties. Without a proper third-party management policy, critical business data may be stolen.
- Human error: In addition to intentional data exfiltration, third-party employees may make mistakes, such as sharing or deleting important business information or misconfiguring systems. These common mistakes can lead to losses, both financial and to the reputation of your business.
Limit third-party risks
An appropriate third-party risk management strategy can help reduce third-party threats. For example:
- Establish cybersecurity policies: Define clear rules for both third-party vendors and the in-house employees who manage them. Both parties should sign a service level agreement (SLA) detailing the controls that third parties must have in place.
- Restrict access to information: Put a privileged access management system in place to ensure that only authorized users have access to the resources they need to do their job. To add another layer of defense, require two-factor authentication. Give each vendor its own VPN account and unique credentials, so that a compromise of one third party cannot be reused against you.
- Perform periodic audits and continuous monitoring: Audit providers regularly to make sure they meet the agreed requirements and policies. Monitor their access for possible weaknesses and flaws in their practices.
- Plan your third-party incident response: A dedicated incident response process is needed to ensure timely detection of suspicious and malicious activity involving vendors. Real-time threat intelligence about your providers helps you decide when extra due diligence is warranted.
Missing security patches
Missing or delayed patches seem like a small problem, but they matter. Patches are released to protect systems from known attacks. Delays in installing them leave data and systems exposed to exploits that are already public.
While people work from home, patching VPN clients and gateways, antivirus software, endpoint protection agents, and operating systems should be prioritized. Any obsolete software should be upgraded to the latest version to minimize the risk of a data breach.
You can also extend multifactor authentication (MFA). MFA should be required to access confidential data. When you roll out new patches or controls, it is important to apply them across the entire potential attack surface. If any asset on the network is left unprotected, it can become the entry point for an attack on the whole network.
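As an added example (not from the original article), here is a small patch-coverage check of the kind the paragraph above calls for: it compares a constructed asset inventory against a hypothetical minimum-version baseline and reports every host that is either below baseline or missing a required component entirely, since a single unpatched or uncovered host is the gap an attacker needs. The component names, version numbers and hostnames are all made up; the version comparison assumes plain dotted-integer versions.

```python
"""Find assets that fall short of a patch baseline (added example)."""


def parse_version(version: str) -> tuple:
    """'5.2.1' -> (5, 2, 1). Assumes dotted-integer versions only."""
    return tuple(int(part) for part in version.split("."))


# Hypothetical minimum patched versions per component.
BASELINE = {
    "vpn-client": "5.2.1",
    "edr-agent": "3.10.0",
    "os": "10.0.19044",
}

# Constructed inventory, e.g. exported from an endpoint management tool.
INVENTORY = [
    {"host": "lt-001", "vpn-client": "5.2.1", "edr-agent": "3.10.0", "os": "10.0.19044"},
    {"host": "lt-002", "vpn-client": "5.1.9", "edr-agent": "3.10.0", "os": "10.0.19044"},
    {"host": "lt-003", "vpn-client": "5.2.1", "os": "10.0.18363"},  # no EDR agent at all
]


def find_gaps(inventory, baseline):
    """Return {host: [problem, ...]} for every host not fully at baseline.

    A missing component is reported as loudly as an outdated one: an
    endpoint with no EDR agent is outside the protected attack surface."""
    gaps = {}
    for asset in inventory:
        problems = []
        for component, minimum in baseline.items():
            installed = asset.get(component)
            if installed is None:
                problems.append(f"{component}: missing")
            elif parse_version(installed) < parse_version(minimum):
                problems.append(f"{component}: {installed} < {minimum}")
        if problems:
            gaps[asset["host"]] = problems
    return gaps


def coverage(inventory, baseline) -> float:
    """Fraction of hosts that meet the baseline on every component."""
    if not inventory:
        return 0.0
    return 1 - len(find_gaps(inventory, baseline)) / len(inventory)


if __name__ == "__main__":
    for host, problems in find_gaps(INVENTORY, BASELINE).items():
        print(host, "->", "; ".join(problems))
    print(f"coverage: {coverage(INVENTORY, BASELINE):.0%}")
```

The useful number for a practitioner is the coverage figure, not the patch count: a fleet that is 99% patched is still fully exposed through the remaining 1%.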
Awareness training for employees
Cybersecurity training and awareness, which create “human firewalls,” are critical. Security awareness programs should be an ongoing process of employee training rather than a one-time event.
The main goal of these programs is to teach employees how to respond when they encounter something suspicious. Some employees do not understand data privacy best practices, or that cybersecurity is part of their job.
When an attack comes, security is everyone’s job. Awareness programs and training keep everyone on the same page. Employees need not be the weakest link in the chain; in fact, they can be your biggest asset.
Real-time incident management and response
All of this comes together under the umbrella of incident management, the ongoing process of real-time threat detection, logging, and hunting. It provides a complete view of threats and incidents. With a combination of tooling and analysts, your team can recognize and neutralize threats. ISO/IEC 27035 describes a five-step process for managing security incidents:
- Prepare to deal with threats and incidents before they happen.
- Identify possible incidents and report them for further analysis.
- Assess each reported incident to determine the appropriate next steps to mitigate the risk.
- Respond to the incident by containing it, investigating it, and resolving it (depending on the outcome of the assessment).
- Learn from the incident: document the key takeaways and use them as case studies to improve handling of future issues.
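To make the identify and assess steps concrete, here is an added example that is not part of the original article: a small detector run over constructed VPN authentication log lines. It identifies a source that fails repeatedly against one account within a short window, opens an incident record, and escalates it when a success follows the burst, since a login that succeeds right after a brute-force run is the pattern that should trigger containment rather than a ticket. The log format, threshold, window, IP addresses and usernames are all assumptions.

```python
"""Identify and assess a brute-force login incident from log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format, e.g. "2024-03-01T08:00:01 vpn auth fail user=jsmith src=203.0.113.7"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (documentation-range addresses, fictional users).
SAMPLE_LOG = """\
2024-03-01T08:00:01 vpn auth fail user=jsmith src=203.0.113.7
2024-03-01T08:00:03 vpn auth fail user=jsmith src=203.0.113.7
2024-03-01T08:00:05 vpn auth fail user=jsmith src=203.0.113.7
2024-03-01T08:00:07 vpn auth fail user=jsmith src=203.0.113.7
2024-03-01T08:00:09 vpn auth fail user=jsmith src=203.0.113.7
2024-03-01T08:00:12 vpn auth ok user=jsmith src=203.0.113.7
2024-03-01T08:05:00 vpn auth fail user=mlee src=198.51.100.4
2024-03-01T08:10:00 vpn auth ok user=mlee src=198.51.100.4
"""

THRESHOLD = 5                 # failures per (source, user) ...
WINDOW = timedelta(minutes=2)  # ... within this sliding window


def parse(log_text):
    """Yield (timestamp, result, user, src) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect(log_text):
    """Step 2 (identify): open an incident when a (src, user) pair reaches
    THRESHOLD failures inside WINDOW. Step 3 (assess): escalate to high
    severity if the same pair then authenticates successfully, because
    that is the signature of a guessed or sprayed password."""
    recent_fails = defaultdict(list)
    incidents = {}
    for ts, result, user, src in parse(log_text):
        key = (src, user)
        if result == "fail":
            recent_fails[key] = [t for t in recent_fails[key] if ts - t <= WINDOW]
            recent_fails[key].append(ts)
            if len(recent_fails[key]) >= THRESHOLD and key not in incidents:
                incidents[key] = {
                    "status": "identified",
                    "severity": "medium",
                    "first_seen": recent_fails[key][0],
                    "note": "repeated authentication failures (brute force / spraying)",
                }
        elif key in incidents and incidents[key]["status"] == "identified":
            incidents[key]["status"] = "assessed"
            incidents[key]["severity"] = "high"
            incidents[key]["note"] = (
                "success after failure burst: treat as credential compromise, "
                "contain the session and reset the password"
            )
    return incidents


if __name__ == "__main__":
    for (src, user), inc in detect(SAMPLE_LOG).items():
        print(f"{src} -> {user}: {inc['severity']} ({inc['status']}): {inc['note']}")
```

A single mistyped password (the `mlee` lines) never reaches the threshold and produces no incident, which keeps the alert volume reviewable; the containment and lessons-learned steps are left to the response team and the process described above.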
The following practices will help you put the incident management process in place.
To get started, form an incident response team with defined roles and responsibilities. Then run a comprehensive training program for each role. When an incident occurs, carry out a post-incident analysis to learn from both successes and failures, and adjust the program accordingly.
Reducing damage and recovery costs requires a strong incident management process, which means choosing the right tools for the job. As attackers find new ways to exploit loopholes and vulnerabilities, defenders must adapt their methods to keep pace.