Setting up a cybersecurity program is important, but it can seem like a daunting task.
Organizations shouldn’t feel as if they should try to do everything overnight. This can be overwhelming and become counterproductive.
When setting up a cybersecurity program, it’s important to get the basics solidly in place before acquiring and deploying defenses for every possible attack scenario. The latest and greatest anti-phishing defense won’t do you much good if you’re already hacked because you don’t have a firewall.
There is a caveat to this: A strong organizational cybersecurity posture is based on an ongoing process. The security threat landscape is constantly changing, and organizations need to be continually adapting in order to protect their sensitive data and resources.
Getting Started with Cybersecurity
When implementing baseline cybersecurity, there are three main areas to consider:
Implementing basic security controls in each of these levels makes a significant difference in an organization’s overall security posture.
In a network, the endpoints include all “computers”. At a minimum, this consists of user workstations and servers. It also incorporates anything that may be connected to the organization’s network (e.g. mobile devices, Internet of Things (IoT) devices).
Antivirus and Firewall
When securing the endpoint, two of the most important things to have in place are antivirus software and a firewall. The antivirus’s job is to identify and remove any potential malware on the endpoint. The firewall locks down access to the computer to allow only what is necessary.
Between the two, they do a decent job of securing the system. It’s vital to keep them updated to ensure identification and response to the latest threats.
Once you have these in place you must consider needs for additional security should be considered.
Virtual Private Networks
For mobile devices (laptops, smartphones, tablets, etc.), it is also a good idea to install a virtual private network (VPN) for remote access. A VPN encrypts the user’s traffic between their computer and the VPN endpoint (which is installed on the enterprise network).
VPNs are an invaluable security solution for workers on the move since they provide the employee with the same level of access and cybersecurity protections that they would have if they were connected directly to the enterprise network.
Finally, the importance of a strong password policy for endpoint devices cannot be overstated. New computer hardware often comes with default passwords built in. These passwords should be changed immediately to help protect the device from attack. Botnets
like Mirai and others were built by malware that simply tried to log into IoT devices and other hardware using default passwords.
Strong passwords consist of at least 12 characters, include a mix of different types of characters and are not made up of information easily associated with the user.
The next step up from endpoint protection is securing the network itself. Most organizations begin with a perimeter-focused approach to network security, where cybersecurity defenses are deployed at the connection point between the enterprise network and the larger Internet. This design helps keep attackers from gaining access to the network and can be augmented by additional protections to implement in-depth defense.
Firewall and IDS/IPS
Just like endpoints, the enterprise network needs to be locked down against unauthorized access and protected against common attacks. This is typically accomplished by deploying a network firewall and an Intrusion Detection System (IDS).
A network firewall needs to be configured to ensure that only authorized traffic can enter and leave the network. Most organizations configure their access control lists (ACLs) with the following strategy:
- Allow all outbound connections by default
- Block all inbound connections by default
- Add specific exceptions to these rules as needed, i.e. allowing HTTP(S) requests to a web server
This default ruleset provides a high level of security for the network by default and then makes the network more usable through the exceptions to the rules.
An Intrusion Detection System (IDS) acts like an antivirus for the network, scanning traffic for signs of malware or other malicious content. An IDS alerts the security team about anything that it detects, or an Intrusion Prevention System (IPS) blocks attempted attacks.
Web Application Firewall (WAF)
Many organizations have a web presence that is a core part of their ability to do business.
If this is the case, a web application firewall (WAF) is a wise security precaution. These systems work as a specialized firewall designed to identify and block common attacks against web applications. Since web applications are a common target of attack, protecting them properly is always a good idea.
Finally, a strong basic cybersecurity strategy involves securing the user. The best firewall in the world is not much help if the user turns it off in order to access their less secure connection to an app or service, for example.
While a full cybersecurity awareness training program can be a significant investment, even basic training on a few topics can head off expensive damage:
- Cyber Defenses: Understanding the need for the firewall and antivirus to be managed and kept updated
- Phishing: Understanding what a phishing attack is, how to identify it, and what to do about it
- Password Security: Understanding the importance of using strong, unique passwords, especially for business accounts
This sort of training can be performed as an employee orientation and augmented with more formal training later. However, laying the groundwork with standard policy and procedures early dramatically minimizes the organization’s vulnerability to attack.
Beyond the Basics
Taking these basic steps to protect the organization is essential to the security of the company. However, the modern cyber threat landscape means that additional steps will be necessary to protect the organization against cyberattacks.
Additional Security Tips
- Do not write down your passwords or credentials or save in a file on your computer. We suggest using a password manager application.
- Do not use the same password across multiple accounts or systems.
- Be sure to set a best practices policy for yourself and others to lock your screen every time you walk away from your computer.
- Unauthorized software downloads to your computer should not be allowed to happen in the workplace. Always request approval.
- Checking your personal email or other personal accounts is a definite no. Attacks targeting your individual account can then extend out to the entire company.
To find out how Avertium can help bring your cybersecurity to the next level, reach out for a consultation.