Cyber security for modern businesses can be complex and difficult to understand. Many of the protocols and processes used to defend an organization from attackers are extremely technical and require an in depth knowledge of networks and IT infrastructure. However, the foundation of a secure environment can be built using some of the most practical controls that are simple to implement and effective. Below are 12 controls for effective security in small-medium sized businesses.
Multifactor authentication or 2FA has become increasingly important in securing your login credentials from outside attackers. Using an alternate form of authentication via Duo Mobile, Google authentication, or LastPass can help make sure that even if your basic login credentials are stolen there is still a line of defense protecting your applications. Linking your account to an MFA service forces the user to provide an additional QR code or combination of digits that is randomly generated in order to the bolster the defense of often weak usernames and passwords. All of your accounts should be secured using a trusted MFA service, especially for email accounts, VPN, or critical systems access.
Every business needs an incident response plan in place in case of the unfortunate event that a data breach occurs. Such a plan includes processes concerned with documenting, identifying, and remediating security incidents within an organization. In some cases an incident response plan may be required for auditing and compliance to frameworks, including NIST, CMMC, PCI-DSS, etc. Not only should businesses create an IR plan, but said plan must also be tested numerous times to prove its effectiveness against real attacks as well as making sure appropriate staff and personnel is assigned to maintain and implement the plan effectively. CorpInfoTech can help in developing and maintaining an effective incident response plan for your business.
Making sure that remote access ports are blocked at the firewall is integral to protecting your network from intruders. If your network gateway isn't secured from the public network it is entirely possible that attackers can remote into your network and wreak havoc on your systems. In fact, this is a favorite tactic of cyber criminals when distributing ransomware to businesses. Reassigning RDP to a non-standard port (3389) can prove beneficial however it isn't full proof. Attackers can pretty easily scan ports in mass to find where you've assigned RDP. To mitigate this your organization shouldn't expose RDP to the public internet at all, instead opting to keep it inside a VPN or firewall. Gaining remote access into your network and encrypting your data is an effective way of bringing down your business.
Having offline backups of your businesses data is necessary for maintaining a secure environment and effective security. However, due to the nature of cyber criminals it isn't enough to just have backups. You must take care to encrypt and protect your backups even when they may not be directly in harms way. Additionally, air gapping your backup's and storing them in a location inaccessible from an external connection ensures that no one from outside your network is has access. Just like your incident response plan your backups should be continually tested and maintained to ensure that when the time comes you are ready to handle any data breach. Managing these backup's effectively includes file-by-file spot checking and testing complete restoration events.
Your email systems need to be secured from both inside and out. Using DKIM, SPF, and DMARC you can ensure that your businesses domain isn't being impersonated from an outside source. Additionally, installing filters to prevent unknown accounts from emailing your employees within your organization can help decrease the amount of phishing attempts your business is hit with. Security awareness training should also educate users on what social engineering looks like and how to respond or spot a malicious email. You can read more about the Essentials of email authentication here! Additionally, you can learn how to setup DKIM, SPF, and DMARC using Google Workspace by reading CorpInfoTech's step by step blog.
One of the easiest ways hackers can gain a foothold into your organization is through end-of-life devices or software. This means that legacy technologies that are no longer supported are large targets for cyber criminals because of the outdated security of many of these devices. Updating and maintaining both software and hardware is an integral part of patch management, however outdated technologies may not offer the level of security needed to counterattack modern hacking techniques. Ensuring that your business moves on from outdated OS' or applications and opting for modern and secured technologies is crucial. While it may be expensive to completely overhaul existing infrastructure, it will ultimately save your organization in the long run in the event of a security incident. Examples of legacy systems include: Windows 7, XP, Server 2003, and Server 2008 R2. Many business still use these services, however they will add to the overall cybersecurity risk in your organization.
End point detection and response technologies(EDR) can help prevent malware and ransomware from infecting your system by detecting it before it enters your system. EDR can also prevent other malicious activities including credential dumping and network reconnaissance. Using AI and machine learning it is possible to block a majority of attacks made against your business. Additionally, EDR solutions provide detailed information on how attacks were made against your network and what trajectory they took. These details may prove invaluable for security analysts seeking to strengthen your organization's security posture. Contact CorpInfoTech to develop endpoint protection and remediation.
If your organization is hit with a cyber attack your first response should always be to contain damages and reduce spread. However, your next step should immediately involve detailed logging of systems, and perimeter devices. One common mistake organizations make is neglecting to document and log security events for forensic teams or security analysts who are seeking to restore systems after an attack. Endpoints, servers and other equipment often include the ability to log and generate reports on significant events that take place. Collecting, maintaining, and centralizing the storage of these logs using a Security Incident Event Manager (SIEM) benefits your organization tremendously. Having a 90 day period where logs are retained is considered a best practice for organizations.
Human error is the number one cause of cyber incidents. With the increase of phishing attempts and social engineering it is important that every employee knows what the risks are when conducting business online. Security awareness training informs employees of tactics cyber criminals use to infiltrate organizations and how they can identify potential threats.
A dedicated program that is focused on updating and patching software and devices makes sure that your organization is running on the most secure versions of the applications your business needs to run effectively. While updates and patches can be annoying, most updates include crucial security controls for a vulnerability within the software. The importance of updating cannot be understated in the modern business.
Passwords are your first line of defense in securing your business applications. However, it's not enough to have a simple username and password anymore. Making sure your passwords are unique and complex significantly increases the security of the accounts and apps you use to conduct everyday business. This is all part of maintaining good password hygiene. You should also utilize password managers such as LastPass to enable you to use different and varying passwords across all accounts. Adopting the "least-privilege access" mindset helps ensure that only those who need access to resources within your network have it. Essentially, everyone in your organization should only have access to what they specifically need to conduct business. Common end users don't need administrator access, by limiting these permissions you can drastically increase your security.
Ensuring that the vendors and third party companies you work with are secure should be a top priority. While breaches can often come from within your organization, they can also impact your indirectly through a breach somewhere in your digital supply chain. If a partner isn't secure it is entirely possible that this could also impact you despite your own practices. Having this broad view of security that encompasses more than just your business is smart in the long run. Effective security is one key to a secure business.
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.