Setting up a cybersecurity program is important, but it can seem like a daunting task.
Organizations shouldn’t feel as if they should try to do everything overnight. This can be overwhelming and become counterproductive.
When setting up a cybersecurity program, it’s important to get the basics solidly in place before acquiring and deploying defenses for every possible attack scenario. The latest and greatest anti-phishing defense won’t do you much good if you’re already hacked because you don’t have a firewall.
There is a caveat to this: A strong organizational cybersecurity posture is based on an ongoing process. The security threat landscape is constantly changing, and organizations need to be continually adapting in order to protect their sensitive data and resources.
When implementing baseline cybersecurity, there are three main areas to consider:
Implementing basic security controls in each of these levels makes a significant difference in an organization’s overall security posture.
In a network, the endpoints include all “computers”. At a minimum, this consists of user workstations and servers. It also incorporates anything that may be connected to the organization’s network (e.g. mobile devices, Internet of Things (IoT) devices).
When securing the endpoint, two of the most important things to have in place are antivirus software and a firewall. The antivirus’s job is to identify and remove any potential malware on the endpoint. The firewall locks down access to the computer to allow only what is necessary.
Between the two, they do a decent job of securing the system. It’s vital to keep them updated to ensure identification and response to the latest threats.
Once you have these in place you must consider the need for additional security should be considered.
For mobile devices (laptops, smartphones, tablets, etc.), it is also a good idea to install a virtual private network (VPN) for remote access. A VPN encrypts the user’s traffic between their computer and the VPN endpoint (which is installed on the enterprise network).
VPNs are an invaluable security solution for workers on the move since they provide the employee with the same level of access and cybersecurity protections that they would have if they were connected directly to the enterprise network.
Finally, the importance of a strong password policy for endpoint devices cannot be overstated. New computer hardware often comes with default passwords built-in. These passwords should be changed immediately to help protect the device from attack. Botnets like Mirai and others were built by malware that simply tried to log into IoT devices and other hardware using default passwords.
Strong passwords consist of at least 12 characters, include a mix of different types of characters, and are not made up of information easily associated with the user.
The next step up from endpoint protection is securing the network itself. Most organizations begin with a perimeter-focused approach to network security, where cybersecurity defenses are deployed at the connection point between the enterprise network and the larger Internet. This design helps keep attackers from gaining access to the network and can be augmented by additional protections to implement in-depth defense.
Just like endpoints, the enterprise network needs to be locked down against unauthorized access and protected against common attacks. This is typically accomplished by deploying a network firewall and an Intrusion Detection System (IDS).
A network firewall needs to be configured to ensure that only authorized traffic can enter and leave the network. Most organizations configure their access control lists (ACLs) with the following strategy:
This default ruleset provides a high level of security for the network by default and then makes the network more usable through the exceptions to the rules.
An Intrusion Detection System (IDS) acts as an antivirus for the network, scanning traffic for signs of malware or other malicious content. An IDS alerts the security team about anything that it detects, or an Intrusion Prevention System (IPS) blocks attempted attacks.
Many organizations have a web presence that is a core part of their ability to do business. If this is the case, a web application firewall (WAF) is a wise security precaution. These systems work as a specialized firewall designed to identify and block common attacks against web applications. Since web applications are a common target of an attack, protecting them properly is always a good idea.
Finally, a strong basic cybersecurity strategy involves securing the user. The best firewall in the world is not much help if the user turns it off in order to access their less secure connection to an app or service, for example.
While a full cybersecurity awareness training program can be a significant investment, even basic training on a few topics can head off expensive damage:
This sort of training can be performed as an employee orientation and augmented with more formal training later. However, laying the groundwork with standard policy and procedures early dramatically minimizes the organization’s vulnerability to attack.
Taking these basic steps to protect the organization is essential to the security of the company. However, the modern cyber threat landscape means that additional steps will be necessary to protect the organization against cyberattacks.
To find out how Avertium can help bring your cybersecurity to the next level, reach out for a consultation.