To have a strong security posture you must address the three main areas of defense for protecting your business: technology, policy and people. All three work in conjunction with one another to protect the business. By the way, fortifying your security posture is a business initiative, not an IT initiative. If you position it as “an IT thing” — IT. WILL. FAIL. That’s a tough pill for some to swallow but information security is a business initiative AND everyone’s job.
Now, let’s give each security component the attention it deserves. This first post in a three-part blog series is about TECHNOLOGY.
NOTE: There are no perfect solutions for information security, but new tools and resources are being developed that make it easier than ever to protect your assets from the inside and the outside.
TECHNOLOGY TIPS AND SUGGESTIONS:
- Start with penetration tests and risk assessments that check for vulnerabilities inside and outside of your organization. You must have firewall protection, but in this modern world, that alone is not enough. Firewalls should always include a visibility tool (IDS) and a control tool (IPS) for monitoring traffic coming AND going.
- The best way to secure your corporate information is to be proactive rather than reactive. Have systems in place to do behavioral analysis and anomaly detection so that you get alerts BEFORE someone gets in or out of your organization.
- Make sure you get regular check-ups. Vulnerability scans should be followed with vulnerability exploits. These should be run more than once a year. Use your internal tools and outside help for a better look at your potential weak spots. Leave no stone unturned.
INTERNAL DEFENSE QUESTIONS:
What are your printer vulnerabilities? This is one of the most commonly overlooked areas of vulnerability. Are you using default credentials on these network-connected devices? If so, the bad guys can get in and possibly spread, do database searches and garner all sorts of information from the content held within that device or the network areas it accesses.
What about your workstations? If I’m the bad guy, I want to get in by any means necessary. Once in, I will spread, elevate and stick around for as long as possible. I want to sniff around your machine and find any leftover administrative credentials.
Then I can go anywhere.
What are the bad guys looking for? Anything. Names. Addresses. Phone numbers. EMAIL addresses. The bad guys want to know where you go and what you do. They are studying you. They do this so that, ultimately, they can convince you that they are someone they are not. The bad guys are extraordinarily patient.
What should you do?
- Verify all patch levels are current (from gear to servers to endpoint software).
- Verify software settings are in line with security best practices (e.g., Microsoft Office Trust Center Settings such as Protected View and Macro Security).
- Verify that user access and user roles are set to correct permissions.
- Use drive encryption on local machines.
EXTERNAL DEFENSE SUGGESTIONS:
If I’m the bad guy, what information can I get from the outside? I can collect tons of information about your firm, simply by studying your website. I can get names of authors and email addresses. I can find out what versions of software you are using. All of this is being collected to find the chink in your armor.
What should you do?
- Scrub all metadata from content accessible from the outside
- Ensure you have the ability to add and remove people and permissions quickly and easily
- Use detect, flag and alert solutions that analyze behavior and provide threat protection
- Take advantage of AI and machine learning
- Stay abreast of new technologies as they become available
- Implement Mobile Device Management (MDM)
- Always utilize Multifactor Authentication (MFA) for all business and personal accounts
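A pre-publication check for the metadata point above, as an added example that is not part of the original post: it reports the author names and software versions still embedded in an Office Open XML file (.docx, .xlsx, .pptx) so they can be scrubbed before the file goes on the website. The function names and the sample documents are constructed for illustration, and other formats such as PDF or images are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Property fields in an OOXML package that identify people or software.
CORE_FIELDS = {"creator", "lastModifiedBy"}                       # docProps/core.xml
APP_FIELDS = {"Application", "AppVersion", "Company", "Manager"}  # docProps/app.xml

def local_name(tag):
    """Strip the XML namespace: '{ns}creator' -> 'creator'."""
    return tag.rsplit("}", 1)[-1]

def read_fields(package, part, wanted):
    """Return the non-empty wanted fields from one property part, if present."""
    if part not in package.namelist():
        return {}
    root = ET.fromstring(package.read(part))
    return {local_name(el.tag): el.text.strip()
            for el in root.iter()
            if local_name(el.tag) in wanted and el.text and el.text.strip()}

def audit_ooxml(data):
    """Return identifying metadata still present in an OOXML file's bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            found = read_fields(package, "docProps/core.xml", CORE_FIELDS)
            found.update(read_fields(package, "docProps/app.xml", APP_FIELDS))
            return found
    except (zipfile.BadZipFile, ET.ParseError) as exc:
        raise ValueError("not a readable OOXML package") from exc

def build_sample(core_xml, app_xml):
    """Constructed sample: a minimal package holding only the two property parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("docProps/core.xml", core_xml)
        package.writestr("docProps/app.xml", app_xml)
    return buf.getvalue()

# Constructed sample documents (not real files): one as exported, one scrubbed.
NS_CORE = 'xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/"'
NS_APP = 'xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"'
SAMPLE = build_sample(
    f'<cp:coreProperties {NS_CORE}><dc:creator>Jane Example</dc:creator><cp:lastModifiedBy>j.example</cp:lastModifiedBy></cp:coreProperties>',
    f'<Properties {NS_APP}><Application>Microsoft Office Word</Application><AppVersion>16.0000</AppVersion></Properties>')
SCRUBBED = build_sample(f'<cp:coreProperties {NS_CORE}/>', f'<Properties {NS_APP}/>')

if __name__ == "__main__":
    print(audit_ooxml(SAMPLE))  # fields to remove before publishing
```

An empty result means none of the checked fields remain. Run it only over your own outbound files; for documents from untrusted sources, parse with a hardened XML library such as defusedxml.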
Remember, people will have grace if you get fooled. They will not have grace if you know how to prevent an attack and you didn’t take the necessary measures to prevent it.
We are currently in a state of heightened awareness regarding information security. That gives us a real opportunity for change.