5 More Critical Security Controls That Won’t Break the Bank
A few months ago, we posted a blog detailing five of the twenty critical security controls recommended by the SANS Institute and the Center for Internet Security (CIS). This is a continuation of that post, and it goes over the next five recommendations that will protect your business from cybersecurity threats at a low cost.
1. Maintenance, Monitoring, & Analysis of Audit Logs: Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.
Have you ever worried that you or your company has been hacked and you don’t even know it? Having proper audit logs will put that worry to rest. Security logging and analysis is sometimes the only record of a hack or breach, so if it is not done properly, hackers may have come and gone without leaving a trace for you to find. Even if the hack is noticed, the details of the attack and the actions the victim needs to take next will be unclear without proper logging. It is a key step in recovering from attacks, so that you can get right back up if you get knocked down. All that being said, it may be worth your time to buy a SIEM (security information and event management) product, and to ensure local logging is enabled on all the devices on your network. The logs can also be funneled to a central log management system so that they can be reviewed in one place.
Long Story Short: Log your systems, and review and analyze those logs so that you can detect whether you have been breached and, if so, how severely.
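The kind of review the section calls for, as an added example that is not from the original post: a small script that reads authentication log lines and flags a burst of failed logins from one source followed by a success. The log lines, their field layout and the threshold of 5 failures are constructed for the example, not any particular product's format.

```python
"""Review constructed authentication log lines for a pattern worth alerting on:
several failed logins from one source followed by a success. Added example, not
from the original post; the log lines, field layout and threshold of 5 failures
are constructed placeholders rather than any particular product's format."""
from collections import defaultdict

FAILURE_THRESHOLD = 5  # assumed: this many failures before a success is suspicious
# Constructed log lines: "<timestamp> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-05-01T08:00:01 FAIL user=jsmith src=203.0.113.10
2024-05-01T08:00:03 FAIL user=jsmith src=203.0.113.10
2024-05-01T08:00:05 FAIL user=jsmith src=203.0.113.10
2024-05-01T08:00:07 FAIL user=jsmith src=203.0.113.10
2024-05-01T08:00:09 FAIL user=jsmith src=203.0.113.10
2024-05-01T08:00:11 OK user=jsmith src=203.0.113.10
2024-05-01T08:05:00 FAIL user=agarcia src=198.51.100.7
2024-05-01T08:05:20 OK user=agarcia src=198.51.100.7
"""

def parse_line(line: str):
    """Turn one log line into a dict; malformed lines yield None."""
    fields = line.split()
    if len(fields) != 4 or fields[1] not in ("OK", "FAIL"):
        return None
    kv = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
    if "user" not in kv or "src" not in kv:
        return None
    return {"time": fields[0], "ok": fields[1] == "OK", **kv}

def suspicious_logins(text: str, threshold: int = FAILURE_THRESHOLD) -> list:
    """Return (src, user, failures, time) for each success preceded by a failure
    burst. Failures are counted per source and reset on every successful login."""
    failures = defaultdict(int)
    alerts = []
    for line in text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # skip blank or malformed lines rather than abort the review
        src = event["src"]
        if event["ok"]:
            if failures[src] >= threshold:
                alerts.append((src, event["user"], failures[src], event["time"]))
            failures[src] = 0
        else:
            failures[src] += 1
    return alerts

if __name__ == "__main__":
    for src, user, count, when in suspicious_logins(SAMPLE_LOG):
        print(f"ALERT {when}: {src} logged in as {user} after {count} failures")
```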
2. Email and Web Browser Protections: Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers & email systems.
Phishing attacks are the most common way malicious hackers can enter your system. They attack unsuspecting employees via email or web browser by pretending to be a trustworthy source and enticing the user to click on a link or download something that will infect the system. The best way to prevent this is to educate your users on basic cybersecurity so that they know what to click and what not to click. We have an article about how you can teach your employees properly. Also, it’s important to make sure that only verified web browsers and email servers are being used, ideally with the latest updates installed. Implementing Domain-based Message Authentication, Reporting and Conformance (DMARC) is another good idea. It’s an email validation system used to prevent email spoofing.
Long Story Short: Educate your users about phishing attacks, and make sure that your web browsers and email clients are verified and updated.
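DMARC works by publishing a policy in DNS that tells receiving mail servers what to do with messages that fail authentication for your domain. The following is an added example, not code from the original post: it parses the text of such a record and reports why a record gives weak protection, using constructed records and example.com as a placeholder domain (no DNS lookup is made).

```python
"""Rate how much spoofing protection a DMARC TXT record provides.

Added example, not from the original post. The records below are constructed
and example.com is a placeholder. Only the policy text is inspected (no DNS
lookup), so this runs offline."""

# p=none only monitors, quarantine filters, reject blocks spoofed mail.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}

def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(record: str) -> list:
    """Return findings explaining why the record is weak; empty means enforcing."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy not in POLICY_RANK:
        return ["missing or invalid p= tag; receivers ignore the record"]
    findings = []
    if policy != "reject":
        findings.append(f"p={policy} does not block spoofed mail")
    # sp= defaults to p=; a weaker explicit sp= leaves subdomains exposed.
    sub = tags.get("sp", policy).lower()
    if POLICY_RANK.get(sub, 0) < POLICY_RANK[policy]:
        findings.append(f"sp={sub} leaves subdomains weaker than the main domain")
    # pct= below 100 applies the policy to only a sample of failing mail.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} enforces the policy on only some messages")
    if "rua" not in tags:
        findings.append("no rua= address, so spoofing attempts are never reported")
    return findings

# Constructed records: monitoring-only versus fully enforcing.
WEAK_RECORD = "v=DMARC1; p=none; pct=50"
STRONG_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for rec in (WEAK_RECORD, STRONG_RECORD):
        print(rec, "->", assess_dmarc(rec) or ["enforcing"])
```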
3. Malware Defenses: Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, & corrective action.
If you haven’t already followed this step at least a little bit, I’m guessing you’re the same kind of person that doesn’t ever have a case on their iPhone. Malware defense is a necessity not just in the workplace but on all your electronic devices. It is recommended that you use software that compiles information on file reputations. You should also have automated tools that monitor all workstations, servers, and devices to confirm that anti-malware and anti-spyware software is installed on each of them. These tools should be deployed at multiple points of entry so there can be rapid updating, data gathering, and action if it needs to be taken.
Long Story Short: Install anti-malware software, and deploy a range of automated tools that control the installation and spreading of malicious code.
4. Limitation and Control of Network Ports, Protocols, and Services: Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.
Hackers are going to look for any way to breach your system, and one of those ways might be through remotely accessible network services. These may include file and print servers, or web and mail servers with poor configuration. A lot of software packages install and turn on services that create these weaknesses, even if there is no business need for them. You will not be informed when these services become active, so it’s important to regularly run automated port scans on all of your systems so you can be notified if anything unwanted is latching on to your network. Don’t let any flash drive be plugged into a company computer; make sure you know what is being connected to your servers. It’s better to be safe than sorry.
Long Story Short: Perform automated port scans often, and make sure there are no unwanted services that could be used to breach your system.
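A port scan is only useful if its results are compared against what is supposed to be running. As an added example that is not from the original post, this script reads a simple text form of scan output and reports every open service that is not on a per-host approved list; the hostnames, ports and baseline are constructed placeholders, and a real run would parse your own scanner's output.

```python
"""Flag services an automated port scan finds open that the approved
baseline does not allow. Added example, not from the original post: the
scan output, hostnames and baseline are constructed placeholders; a real
run would parse your scanner's output instead of SCAN_OUTPUT."""

# Approved services per host: only the ports with a business need.
BASELINE = {
    "fileserver": {("tcp", 445), ("tcp", 139)},
    "webserver": {("tcp", 443)},
    "workstation-12": set(),  # workstations should listen on nothing
}

# Constructed scan output, one "host proto port state" line per result.
SCAN_OUTPUT = """\
fileserver tcp 445 open
fileserver tcp 139 open
fileserver tcp 3389 open
webserver tcp 443 open
webserver tcp 80 closed
webserver tcp 8080 open
workstation-12 tcp 5900 open
printer tcp 9100 open
"""

def parse_scan(text: str) -> dict:
    """Return {host: {(proto, port), ...}} for every port reported open."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] != "open" or not fields[2].isdigit():
            continue  # skip blank, malformed, or closed entries
        host, proto, port = fields[0], fields[1], int(fields[2])
        found.setdefault(host, set()).add((proto, port))
    return found

def unexpected_services(scan: dict, baseline: dict) -> list:
    """List (host, proto, port) tuples that are open but not approved.
    A host missing from the baseline counts as entirely unapproved, so a
    forgotten device is reported rather than silently accepted."""
    findings = []
    for host, services in sorted(scan.items()):
        for proto, port in sorted(services - baseline.get(host, set())):
            findings.append((host, proto, port))
    return findings

if __name__ == "__main__":
    for host, proto, port in unexpected_services(parse_scan(SCAN_OUTPUT), BASELINE):
        print(f"UNEXPECTED: {host} {proto}/{port} open but not approved")
```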
5. Data Recovery Capability: The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.
In the event of a breach, it can be very difficult to recover all lost data, or to see what subtle changes the attackers have made, if there are not proper backup processes in place. A business may never recover if it is hacked while unprepared; all the progress it has made will be lost. Backups need to be taken constantly, and they must allow for quick recovery of systems in case of an emergency. Having a process in place is very useful, and the validity of the process should be tested to make sure it actually works.
Long Story Short: Have your systems backed up regularly, and have a process in place to recover data if it is needed.
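One way to test that a backup process actually works, as an added example that is not from the original post: record a hash of every file when the backup is taken, then restore into a scratch directory and check that each file is present, unaltered, and that the backup is not older than your recovery point objective. The sample files, the manifest layout and the 24-hour objective are constructed for the example.

```python
"""Test that a backup really restores: each restored file must match the hash
recorded at backup time and the backup must be recent enough. Added example,
not from the original post; the sample files, manifest layout and 24-hour
recovery point objective (RPO) are constructed placeholders."""
import hashlib, os, shutil, tempfile, time

MAX_AGE_SECONDS = 24 * 3600  # assumed RPO: a backup older than this is stale

def sha256_of(path: str) -> str:
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(source_dir: str) -> dict:
    """Record when the backup was taken and the hash of every file in it."""
    files = {}
    for root, _, names in os.walk(source_dir):
        for name in names:
            full = os.path.join(root, name)
            files[os.path.relpath(full, source_dir)] = sha256_of(full)
    return {"taken_at": time.time(), "files": files}

def verify_restore(restore_dir: str, manifest: dict, now: float = None) -> list:
    """Return problems found in the restored copy; an empty list means it passed."""
    now = time.time() if now is None else now
    problems = []
    if now - manifest["taken_at"] > MAX_AGE_SECONDS:
        problems.append("backup is older than the recovery point objective")
    for rel, expected in sorted(manifest["files"].items()):
        path = os.path.join(restore_dir, rel)
        if not os.path.isfile(path):
            problems.append(f"missing: {rel}")
        elif sha256_of(path) != expected:
            problems.append(f"corrupted or altered: {rel}")
    return problems

def demo(tamper: bool = True) -> list:
    """Back up two constructed files, restore them, optionally alter one, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "src")
        os.makedirs(src)
        for name, data in (("ledger.csv", b"id,amount\n1,100\n"), ("notes.txt", b"hello\n")):
            with open(os.path.join(src, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(src)
        restored = shutil.copytree(src, os.path.join(tmp, "restore"))
        if tamper:  # simulate a backup copy that was silently modified later
            with open(os.path.join(restored, "ledger.csv"), "ab") as f:
                f.write(b"2,999999\n")
        return verify_restore(restored, manifest)
```

Running `demo()` reports only the tampered ledger, while `demo(tamper=False)` returns an empty list, which is the result a restore test should produce before the backup is trusted.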
Groff NetWorks has a proven process and can make sure your company is doing these system backups properly and is prepared for any attacks in the future. Groff can help explain and implement any of the steps covered in this article, as well as any of the steps in the next article about the SANS Security Controls.