October 2020 marks the 17th year of National Cybersecurity Awareness Month (NCSAM). This campaign raises awareness of the importance of cybersecurity across the nation, with the goal of ensuring all Americans have the resources they need to be safer and more secure online. The theme for 2020 is:
“Do Your Part. #BeCyberSmart.”
K·Coe has summarized the most helpful information and tips in a series of articles to create cyber-awareness and empower organizations to protect their part of cyberspace.
4 Steps for Maintaining Good Cyber Hygiene
Did you know that it is considered common for a hacker to have access to a system for months before the exploit takes place? This extra time allows the criminal to infiltrate your systems, explore your network, learn your habits, and understand what is important to you and the company.
Some things never change. As the list of cyber concerns continues to grow and cybercriminals invent more elaborate schemes – crypto-mining, ransomware, third-party and supply chain attacks, phishing and malware exploits, DDoS attacks – this is a reminder that it is especially important for all businesses to practice basic cyber hygiene and follow/update industry best practices.
With so many types and ranges of security threats, it can feel overwhelming to know where to begin and how to ensure you are protected. Here is a simple 4-step cycle that every organization can easily follow for basic cyber hygiene: identification, protection, detection and response.
A company should identify and quantify the level of risk associated with information technology and their IT assets by completing and maintaining a written IT Risks and Controls Assessment.
- Considerations may include: web-based interfaces, third-party risk, physical security, and cyber concerns.
- A data flow diagram should also be in place so there is a clear understanding of how all assets are connected to the network and each other, segregated, and protected.
Employees and owners cannot be expected to understand all relevant and critical expectations if they are not laid out in a clear, concise, written and professional manner. Upon completion of the IT Risks and Controls Assessment, the organization should use the results to surface high-risk areas and address them in a systematic and organized way. Creating policies and procedures to govern the IT assets will help to mitigate risks, and will provide a roadmap and set expectations for the enterprise assets.
Next, implement the plan to mitigate and protect against those risks.
- Adopt technical controls, including content filtering, anti-spam, anti-malware, endpoint protection, reputation services, quarantine/sandboxing services, and email filters, which will help to stop hackers from getting into your organization.
- Educate and test employees so they can spot and respond to phishing and other forms of social engineering that can squeak by even your best defenses.
- Employ an IT person or consultant to ensure all critical patches are tested and applied in a timely manner. Patches may need to be applied to operating systems, browsers, browser add-ons, web server software, database software, and remote management software.
- Ensure written password guidelines are current and enforced. This could include password length, complexity, and allowable attempts. It is a best practice to also enable account lockout so that an account is locked after a set number of failed logon attempts. (These specifications should be included in your comprehensive set of policies mentioned above.)
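The password guidance above (length, complexity, allowable attempts, lockout) is easy to state in a policy document but only works if the logon code actually enforces it. The following is an added example, not code from the article or from K·Coe: it checks a new password against a policy, stores a salted PBKDF2 digest, and locks the account for a fixed window after too many failed attempts. The policy values (12 characters, 3 character classes, 5 attempts, 15-minute lockout) and the class names `PasswordPolicy`, `Account` and `AuthService` are assumptions for the example; take the real values from your own written policy.

```python
"""Password policy check plus failed-logon lockout (added example, not from the article)."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PasswordPolicy:
    # Assumed values for the example; take them from your own written policy.
    min_length: int = 12
    min_classes: int = 3          # of: upper, lower, digit, symbol
    max_attempts: int = 5         # failures allowed before lockout
    lockout_seconds: int = 900    # 15-minute temporary lockout


_CLASSES = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]


def check_password(policy: PasswordPolicy, password: str) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    classes = sum(1 for pat in _CLASSES if re.search(pat, password))
    if classes < policy.min_classes:
        problems.append(f"uses {classes} character classes, needs {policy.min_classes}")
    return problems


def _digest(salt: bytes, password: str) -> bytes:
    # Slow, salted hash so a stolen credential store cannot be cracked cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked_until: Optional[float] = None   # epoch seconds; None when not locked


class AuthService:
    def __init__(self, policy: PasswordPolicy):
        self.policy = policy
        self.accounts: Dict[str, Account] = {}
        # Dummy credential so unknown-user logons cost the same time as real ones.
        self._dummy_salt = os.urandom(16)

    def register(self, user: str, password: str) -> None:
        problems = check_password(self.policy, password)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        self.accounts[user] = Account(salt, _digest(salt, password))

    def login(self, user: str, password: str, now: float) -> str:
        """Return "ok", "denied" or "locked". `now` is epoch seconds, passed in for testability."""
        acct = self.accounts.get(user)
        if acct is None:
            _digest(self._dummy_salt, password)   # same cost as a real check
            return "denied"
        if acct.locked_until is not None:
            if now < acct.locked_until:
                return "locked"                   # still inside the lockout window
            acct.locked_until = None              # window expired; allow attempts again
        if hmac.compare_digest(_digest(acct.salt, password), acct.digest):
            acct.failed_attempts = 0              # success resets the counter
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= self.policy.max_attempts:
            acct.failed_attempts = 0
            acct.locked_until = now + self.policy.lockout_seconds
            return "locked"
        return "denied"
```

Two design points worth noting: the lockout is temporary rather than permanent, because a permanent lockout lets anyone who knows a username deny that user service, and the correct password is rejected while the window is open, since otherwise the lockout would not slow guessing at all. Every "locked" result is also a good candidate for the detection step that follows.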
Detection (Monitoring)
Every organization should establish a baseline for normal operations. This will allow for early warning when the inevitable happens.
- Implement detection controls such as intrusion detection systems, endpoint detection, network traffic analysis or honeypots.
An early detection system could help discover these threats and shut them down (respond) before a crisis strikes.
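A baseline only gives an early warning if something compares current activity against it. The following is an added example, not code or data from the article: it learns per-user hourly failed-logon counts from a "normal" period of constructed syslog-style lines, sets each user's alert threshold at the mean plus three standard deviations (with a floor so a single extra failure never fires), and then flags hours in a new window that exceed it. The log format, the user names, the IP addresses and the threshold rule are all assumptions made for the example.

```python
"""Baseline-and-deviation detection over failed-logon log lines (added example)."""
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed syslog-style lines; the format is an assumption for this example.
LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2} \S+ sshd: "
    r"Failed password for (?P<user>\S+) from (?P<ip>\S+)$"
)
MIN_THRESHOLD = 3   # never alert on this few failures in an hour

# Constructed "normal week" sample used to learn the baseline.
BASELINE_LOG = """\
2020-10-01T08:03:11 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-01T08:41:52 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-01T09:17:30 fs01 sshd: Failed password for bob from 10.0.0.7
2020-10-02T08:12:09 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-02T13:55:41 fs01 sshd: Failed password for bob from 10.0.0.7
2020-10-03T08:22:18 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-03T08:23:05 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-03T08:23:40 fs01 sshd: Failed password for alice from 10.0.0.5
""".splitlines()

# Constructed new window: alice looks normal, bob and carol (never seen before) do not.
NEW_LOG = """\
2020-10-05T02:00:01 fs01 sshd: Failed password for bob from 203.0.113.9
2020-10-05T02:00:04 fs01 sshd: Failed password for bob from 203.0.113.9
2020-10-05T02:00:07 fs01 sshd: Failed password for bob from 203.0.113.9
2020-10-05T02:00:10 fs01 sshd: Failed password for bob from 203.0.113.9
2020-10-05T02:00:13 fs01 sshd: Failed password for bob from 203.0.113.9
2020-10-05T02:00:16 fs01 sshd: Failed password for bob from 203.0.113.9
2020-10-05T02:05:13 fs01 sshd: Failed password for carol from 203.0.113.9
2020-10-05T02:05:16 fs01 sshd: Failed password for carol from 203.0.113.9
2020-10-05T02:05:19 fs01 sshd: Failed password for carol from 203.0.113.9
2020-10-05T02:05:22 fs01 sshd: Failed password for carol from 203.0.113.9
2020-10-05T08:10:44 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-05T08:31:02 fs01 sshd: Failed password for alice from 10.0.0.5
2020-10-05T08:31:40 fs01 sshd: Accepted password for alice from 10.0.0.5
this line is not an auth record and is ignored
""".splitlines()


def failures_per_user_hour(lines):
    """Map (user, hour) -> failure count, plus the set of source IPs seen for that key."""
    counts = Counter()
    sources = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:                       # successful logons and noise are skipped
            continue
        key = (m["user"], m["hour"])
        counts[key] += 1
        sources[key].add(m["ip"])
    return counts, sources


def build_baseline(lines):
    """Per-user alert threshold: mean + 3 standard deviations of hourly failure counts."""
    counts, _ = failures_per_user_hour(lines)
    per_user = defaultdict(list)
    for (user, _hour), n in counts.items():
        per_user[user].append(n)
    return {u: max(MIN_THRESHOLD, mean(v) + 3 * pstdev(v)) for u, v in per_user.items()}


def detect(baseline, lines):
    """Return one alert per (user, hour) whose failure count exceeds that user's threshold."""
    counts, sources = failures_per_user_hour(lines)
    alerts = []
    for (user, hour), n in sorted(counts.items()):
        threshold = baseline.get(user, MIN_THRESHOLD)   # unseen user: fall back to the floor
        if n > threshold:
            alerts.append({"user": user, "hour": hour, "failures": n,
                           "sources": sorted(sources[(user, hour)])})
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_LOG), NEW_LOG):
        print(alert)
```

The same shape (learn a normal rate, alert on deviation) applies to outbound bytes per host, DNS query volume, or process launches per endpoint; the floor and the "3 standard deviations" rule are the knobs you tune against your own false-positive tolerance.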
Understand that breaches are common and that even with the best defenses the worst could happen. Should your data and credentials be stolen (and your data encrypted), you will need to stop the damage as best you can, find out how the hackers got in, shut off continued access, and plot a recovery plan.
Businesses should have an incident response management plan in place to address these items. The plan should address how to best protect and defend your organization, customers, and employees, and should be updated regularly to include ever-evolving threats. And finally, once the threat is contained, a business continuity management plan would need to be enacted to get operations running back to normal.