More Cybersecurity Tips To Help Protect Your Business
This is a continuation of a previous blog where we discussed 5 of the 20 SANS Critical Security Controls that’ll help protect your business while saving you money. If you missed our last post, you can check it out here. If not, check out these 5 tips to protect your business without breaking the bank.
1. Secure Configurations for Network Devices: Actively manage (track, report on, correct) the security configuration of network infrastructure devices using a rigorous configuration management and change control process.
The default security settings on network infrastructure devices like routers and switches are commonly set up without following security best practices. Hidden “gotchas” such as default passwords and pre-programmed software are vulnerabilities that malicious hackers can exploit to get into your network. When setting up networks devices, you need to be sure that they are up to proper security standards. These standards must be upheld for the entirety of each devices lifespan, and be reevaluated continuously. Devices develop holes in their security as time passes. Users may change settings for business needs, and leave them undone afterwards. Hackers know things like this happen, and will wait for older devices to become vulnerable to strike. Therefore, configurations on devices must be continuously monitored so that holes in your defenses do not stay open long, or at all.
Long story short: Make sure network infrastructure devices are up to security standards, and are reevaluated continuously.
2. Boundary Defense: Detect/prevent/correct the flow of
information transferring networks of different trust levels with a focus on security-damaging data.
Attackers will look to find weaknesses and penetrate your perimeter systems, networks devices, and all things separating your private network from the internet. Once these people are inside your boundaries, they will go deeper into your systems so that they can have access to your sensitive business information. One hacker recently stole millions of dollars from a casino, getting in through an unsecured WiFi connected thermostat monitoring the temperature of their showcase fish tank. Once hackers find a way in they will be able to change or steal your information, or even set up some sort of presence in your systems so that they can access it later. To prevent this from happening you should set up firewalls on all your boundaries, so that they cannot be accessed. Another way to protect yourself is by implementing Intrusion Prevention Systems (IPS) and content filtering on all of your network boundaries. IPS’s will examine your businesses network traffics so that you can detect and prevent vulnerability exports.
Long story short – Set up firewalls and implement IPS on all of your network boundaries, and leverage content filtering systems to keep your network safer from suspicious internet IP addresses.
3. Data Protection: The processes and tools used to prevent data exfiltration, mitigate the effects of exfiltrated data, and ensure the privacy and integrity of sensitive information.
Data protection is cybersecurity 101. Every business has sensitive information, be it customers names and addresses/emails to actual payment and account information – and malicious hackers want to see it. It’s up to you to prevent that from happening, and the best way to do that is preventing data exfiltration (unauthorized transfer of data from a computer.) and minimizing the effects of data that gets exfiltrated. Any data transfers should be reported, and a process needs to be implemented so that there is standard procedure to follow. Another common mistake companies make is they store their most sensitive business data in the same location as all their other data. Extra sensitive data should be treated as so. Run a diagnostics on your business data, and assess what data is the most important. Once that’s done, put extra encryption on it, so that it is harder to access for attackers. Simple file access rules/groups among your employees can also be established so only those that should have access…well, have access.
Long story short – Prevent data exfiltration and implement a process for tracking and protecting data transfers. Organize your data so that the most sensitive data is in a separate location with encryption and organize your employee logins into security groups so only authorized users have access to sensitive data (see the next point).
4. Controlled Access Base on the Need to Know
Not everyone in the company needs access to every piece of information. When it comes to sensitive data, the fewer amount of people that have access to it, the safer it is. With that in mind, organize your network into sections based on the label (marketing, sales, etc.) or the sensitivity of the information. After that you should limit access to the sections based on who needs access to the information in that specific section. The more sensitive sections should be encrypted and sensitive user/security groups should have activity tracking enables so if a file gets moved/copied, you can find out about it.
Long story short – organize your network based on the label and the sensitivity of the data, limit the access of the different sections only to those who need access to it, and enable tracking of activity on sensitive files.
5. Wireless Access Control: The processes and tools used to track/control/prevent/correct the security use of Wi-Fi, access points, and wireless client systems.
Wireless networks are easier to access and infiltrate than wired ones. It’s not uncommon for a client or employee to be hacked while on a public WiFi at the airport or in a coffee shop. Attackers will attack by bypassing your perimeter wirelessly and gaining access to your information. There are a couple of different things you can do to protect yourself from a wireless attack. First thing you can do is create a separate network for untrusted devices or personal devices that people bring into your business. Doing will make you network better protected against an infected device being connected to your network by an employee or client. You can also use the Advanced Encryption Standard (AES) to encrypt your devices will traveling and avoid public Wi-Fi usage as much as possible. One alternative is most smartphones have hotspot capabilities.
Long story short – Create a second network for untrusted and personal devices, avoid public Wif-Fi networks as much as possible, and use AES to encrypt you devices.
Groff NetWorks has a proven process, and can make sure your company is doing these system backups properly, and make sure they are prepared for any oncoming attacks in the future. Groff can help explain and implement any of the steps that have been gone over in this article, and any of the steps in the next article about SANS Security Controls.