Cyber security is a complicated subject, and even many IT professionals don’t know where to start.
There are some key points you need to consider when securing your environment. The most important is to build a complete solution and awareness across your organization. This takes time, so it is better to start creating that company culture today.
The key point here is that, as a manager, security architect or engineer, you should not allow exceptions such as “allocating a weak password to a business owner”, “opening an HTTP port to an internal server on your firewall” or “not reviewing your firewall rules for a long time”. Here is one small example. Citrix is one of the biggest IT companies in the world and sometimes sets the security standards, yet one weak password caused a massive security breach in March 2019.
Let’s start building security!
According to government reports, more than 90% of attacks come from emails, and hackers are improving their tactics every day. So it is really important to implement e-mail filtering in front of your mail server/system. For example, almost all of us use Office 365 nowadays, and the default security in Office 365 captures only 10% of well-known malware.
Password Policy and Privileged Accounts
According to security surveys, every organization uses “not expire” or “weak password” settings on administrative accounts or privileged employees’ accounts. As mentioned above, Citrix had a weak password and was hacked. So you should change every account’s password at least every 90 days. This is sometimes a big job for small IT teams, and some of us think our organization is too small to be hacked, but the reality is completely different. For SMBs, getting hacked causes “big business loss” or even “closing the doors”.
Also, many organizations have countless privileged accounts. Sometimes we as engineers give more permissions (domain admin, for example) to users who do not need them, because it is easier to grant domain admin than to create roles for specific needs. After that, we forget what we have granted until we get hacked. I have personally seen 2x Enterprise/Schema Admins, 12x domain admins and 5x Office 365 Global admins in a company that has 75 employees.
Do not forget: hackers don’t care how small you are. They have tools to scan and probe every IP, port and weak password.
According to Microsoft, only 2% of global admins in Office 365 have MFA enabled. MFA is real protection today, even if you have a weak password as mentioned above. Without the second approval, no one can get into your system. This applies not only to privileged accounts but to every account you have: users, SAP, VPN, Office 365, RDP… It protects your system even when an account has been compromised.
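The password, privileged-account and MFA points above can be checked together against an account export. The following is an added example, not part of the original article; the record fields and sample accounts are constructed assumptions, not a real Active Directory or Office 365 schema.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90   # rotation interval recommended in the text

# Constructed sample export; field names are assumptions for illustration.
ACCOUNTS = [
    {"name": "alice",   "roles": ["Domain Admin"], "pwd_set": date(2024, 1, 10),
     "never_expires": True,  "mfa": False},
    {"name": "bob",     "roles": [],               "pwd_set": date(2024, 5, 20),
     "never_expires": False, "mfa": True},
    {"name": "svc-sap", "roles": ["Global Admin"], "pwd_set": date(2023, 3, 1),
     "never_expires": True,  "mfa": False},
    {"name": "carol",   "roles": ["Domain Admin"], "pwd_set": date(2024, 5, 1),
     "never_expires": False, "mfa": True},
    {"name": "dave",    "roles": [],               "pwd_set": date(2024, 1, 2),
     "never_expires": False, "mfa": False},
]

def audit_account(acct, today):
    """Return the list of policy findings for one account record."""
    findings = []
    if acct["never_expires"]:
        findings.append("password-never-expires")
    if (today - acct["pwd_set"]).days > MAX_PASSWORD_AGE_DAYS:
        findings.append("password-older-than-90-days")
    if not acct["mfa"]:
        # Missing MFA on a privileged account gets its own, more urgent finding.
        findings.append("privileged-without-mfa" if acct["roles"] else "no-mfa")
    return findings

def audit(accounts, today):
    """Return (findings for accounts that have any, sorted privileged account names)."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct, today)
        if findings:
            report[acct["name"]] = findings
    privileged = sorted(a["name"] for a in accounts if a["roles"])
    return report, privileged

if __name__ == "__main__":
    report, privileged = audit(ACCOUNTS, date(2024, 6, 1))
    for name, findings in report.items():
        print(f"{name}: {', '.join(findings)}")
    print(f"{len(privileged)} of {len(ACCOUNTS)} accounts are privileged: {privileged}")
```

The privileged list is worth reading on its own: every name on it should map to a documented need for that role.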
For protection, I assume every one of you has an endpoint protection system on your clients (desktops, PCs). Even if you bought the license and installed the app on end-user systems, are you sure that every device has it and that they are all fully patched? Do you block removable devices? What about mobile devices and tablets? You have full protection on the PCs and laptops, yet many of us do not protect mobile devices, which are the biggest target today, including Apple devices. Consistently over the last 2 years, attacks on Apple devices have increased by 5000%.
For management, again I assume many organizations have a PC/laptop management tool such as SCCM. However, mobile devices are now part of our daily jobs, so today mobile device management is more important than PC/laptop management. Every one of us has a mobile phone or tablet to reach our emails, portals and applications. Therefore, we need to manage those devices and apply company rules to them.
Again according to surveys, more than 90% of SME businesses have a firewall, and many of them don’t review the rules for years. That causes big issues. Over the years we have seen many incidents; in one of them, a port had been opened years earlier, but the target IP address had since been given to a new server, and that created a vulnerability. We strongly recommend you get a firewall or a Firewall as a Service and review the rules at least once every six months.
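The stale-rule incident described above can be caught by comparing each allow rule with the current asset inventory. This is an added example, not part of the original article; the rule fields, host names and addresses are constructed assumptions, and the six-month interval is approximated as 183 days.

```python
from datetime import date

REVIEW_INTERVAL_DAYS = 183   # "at least once every six months", approximated in days

# Constructed inbound-allow rules; "intended_host" is the server the rule was opened for.
RULES = [
    {"id": 1, "dst_ip": "10.0.5.20", "port": 80,   "intended_host": "intranet-old",
     "last_review": date(2019, 4, 2)},
    {"id": 2, "dst_ip": "10.0.5.30", "port": 443,  "intended_host": "webmail",
     "last_review": date(2024, 3, 15)},
    {"id": 3, "dst_ip": "10.0.5.40", "port": 3389, "intended_host": "jump01",
     "last_review": date(2022, 11, 1)},
    {"id": 4, "dst_ip": "10.0.5.50", "port": 8080, "intended_host": "test-app",
     "last_review": date(2024, 2, 1)},
]

# Constructed current inventory: which host owns each IP address today.
INVENTORY = {"10.0.5.20": "hr-db01", "10.0.5.30": "webmail", "10.0.5.40": "jump01"}

def review_rules(rules, inventory, today):
    """Return {rule id: [findings]} for rules that need attention."""
    report = {}
    for rule in rules:
        findings = []
        owner = inventory.get(rule["dst_ip"])
        if owner is None:
            # The rule points at an address no known host uses any more.
            findings.append("target-ip-unassigned")
        elif owner != rule["intended_host"]:
            # The incident from the text: old port opening, new server behind it.
            findings.append(f"target-ip-reassigned-to:{owner}")
        if (today - rule["last_review"]).days > REVIEW_INTERVAL_DAYS:
            findings.append("review-overdue")
        if findings:
            report[rule["id"]] = findings
    return report

if __name__ == "__main__":
    for rule_id, findings in review_rules(RULES, INVENTORY, date(2024, 6, 1)).items():
        print(f"rule {rule_id}: {', '.join(findings)}")
```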
Threat monitoring allows for continuous oversight of any vulnerabilities across your networks. Cybercriminals take the path of least resistance, so don’t leave a door open. There are many technologies you can buy, lease or use as a service to monitor what is going on in your systems. Here we are not talking about traditional server monitoring. We are talking about SIEM products that use AI and machine learning to monitor all suspicious activity on your network and servers.
Employees can make or break security. Creating user security policies is not enough to get full support. You need full support from the C-level and a company culture for cyber security. This awareness is key in the fight against hackers. All the protection apps and devices above are perfect, but it would be better to also educate end-users and reduce the risks. Establish a training program with regular testing, such as simulated phishing attacks.
Consider this step one in your cyber security protection plan. Also known as ethical hacking, it will identify vulnerabilities in a system or network that has existing security measures in place. Once you know the gaps, you can protect the system.
Backup and Disaster Recovery
We have to be clear on one thing here: there is no 100% security. Therefore, we need backups to recover data when we need it. Statistics show that companies with a good backup and disaster recovery strategy are back in business easily if they are affected by cybercrime.
Physically Protect Equipment
Seems simple enough, but it’s also important to physically protect and restrict access to your critical equipment as much as you need to restrict virtual access. Data can be accessed or compromised through physical access too! Some tips for creating a physically secure environment