There is not a single industry anywhere in the world who are immune from the threat of some form of cyber-attack. Any attacks on your organization’s IT Network will be unpredictable in terms of the exact method of attack, but you can at least be poised to deflect and protect your company from such cyber-attacks with these 8 easy to follow steps.
1. Implement your CyberSecurity strategy from the top-down
Devise a security strategy, make sure Directors and Management understand the importance of your organization’s IT Network Security. The fundamental thing about security is knowing the risks involved and understanding what needs to be secured, namely what are your valuables/assets.
Only after a thorough risk assessment has been carried out can a proper security strategy then be formed and implemented. The importance of cyber-security should be something that senior management understands and supports, resulting in a top-down approach to implementation.
2. Create polices for the allocation of internal IT Resources
Once the importance of security issues is fully understood by management, organizations can then begin to create and implement polices on how to use, manage and allocate company resources to tackle cyber security.
It is vital to then develop and enforce policies and procedures for employees to follow, this will impact:
- The allocation of company IT resources – allowed and prohibited expenditure
- Change management procedures to be implemented across all IT systems and related policies
- Reevaluate risk and security posture at regular intervals
3. Network Security
Have a network design with a strong focus on cyber-security. Segment your network on logical system based zones so you can isolate/segregate critical business systems and be able to apply network security controls to them – firewall/inspect traffic between those zones. Protect your Internet Edge but also internal traffic (east-west), cover the most used vectors of attack (email, web)
Pay special attention to wireless connectivity – use strong authentication based on individual credentials or personal certificates, strong encryption (AES) and proper guest/BYOD access. Plan carefully, home and remote users access – they should have equal security controls as users on corporate networks.
Have a central point for system monitoring (SIEM) that is integrated within your environment and provides a single point that holds all relative logs/events for your systems. Monitor your network/user activity with qualified staff. Fine tune your IPS systems to use relative to your network environment security rules/signatures and to produce relevant alarms. Act on the alarms promptly.
Secure both user/management and physical access to your network assets. Apply only secure configuration using the vendor/standard recommended best practices. Have a lifecycle policy in place – aka review/renew security controls/equipment at regular intervals. Finally, ensure you have an up to date network diagram with HLD/LLD documents.
4. Protect your endpoints/servers
Always use legitimately supported software and hardware. Create and maintain a policy for patching and updates – keep up to date with patches and security updates.
Devise and maintain a hardware and software repository – know what you have in your network. Centrally manage your endpoint from OS and software point of view. Limit user rights to make changes to endpoint security:
- Never give normal users full access (admin)
- Limit execution controls/change configuration
- Create safe-lists of allowed software
- Disable unnecessary services
- Disable unnecessary peripheral devices and removable media access
- Disable auto-run capability if removable media access is deemed necessary
Accessing sensitive information should be done in a secure manner – proper access controls should be in place – secure and robust authentication mechanisms, use two-factor authentication for sensitive access, encryption for data in transit and rest. Monitoring of how sensitive data is handled and transferred should also be in place.
Use endpoint protection mechanism (Anti-Virus, Anti-Spyware, Software, Firewalls) which support centralised management and can be integrated with your network security controls and monitoring tools. Regularly backup all important data in a safe manner (encrypt and secure data in rest in motion) – this mitigates the effects of ransomware attacks. In case of a breach, have a plan to restore normal network operations for different scenarios but also remember to include steps for gathering data for forensic investigations to take place in the aftermath.
5. Train your personnel
Users should be aware of the ideas behind the implementation of security
measures, what threats are out there and what should raise their suspicion – simple things like:
- Non-solicited mails with strange hidden links – aka “Think before you click campaign”
- File attachment with general but well-sounding names
- Plugging/connecting unapproved media or personal devices into the network
Users should undergo training on:
- How to handle sensitive information
- Social Engineering training and be aware of the techniques used
- Report any strange activities or security incidents
The training and development of personnel should be a continuous process not a one-off occurrence to ensure topics are relevant, minimise any potential threats and so staff training can be scaled.
6. Remote/Home Users controls
Access risks for remote corporate users and create a policy on how to mitigate their usage. Use strong/two-factor authentication. Educate remote users on the importance of security and how to work with all security control mechanisms without sacrificing productivity.
Create and regularly update manuals on how to use and configure different security controls (aka VPN Clients etc.) Have a support and escalation procedure in place – this is done so users can work with all security controls in place and do not try to circumvent them. Protect data in transit and rest. Use a common security build for all remote workers – more secure, easier to operate and troubleshoot.
We cannot stress enough on the importance of constant monitoring. No environment is bullet proof and buying best of breed products does not guarantee top level of security. There is a lot of factors in play in every complex environment that has many cogs and bolts. The only predictable aspect about security is the unpredictability of the threats they pose (for example the human factor or administrator laziness). A link as strong as its weakest chain. A company should concentrate on having all protection/prevention mechanisms in place but should never forget to have visibility and monitoring tools in place.
Detect attacks and abnormal behaviour – both from outside and inside attacks. React to attacks – in a timely response to stop the spread of damage, can ensure that the attack is blocked in the future and could assist with a forensic investigation. Account for activity – you should have a complete understanding of how systems run, and how data and information is being used by users. Only then will you be able to detect deviations from the norm and act on them.
8. Test, test and test!
The only way to really know your security level is protecting your organization, is to regularly test it!
Security tests should cover all parts of your environment and should be performed on procedures/processes, network equipment, endpoint systems and personnel.
- Formal security audits that look at procedures and if they are being followed/enforced
- Automated vulnerability assessments – usually performed every 2-3 months and done internally
- Penetration tests – external annual security tests that usually give the most accurate information for the company’s security posture and effectiveness of all security measures deployed
- Social engineering tests on personnel – attempts to get employees to discard sensitive information to none-authorised people either via phone or in person or to get physical access to company restricted areas.
- HLD – High Level Design
- LLD – Low Level Design
- IT – Information Technology
- IPS – Intrusion Prevention System
- SIEM – combination of the SIM (Security Information Management) and SEM (Security Event Management) abbreviations
- OS – Operating System
- AES – Advanced Encryption Standard
- BYOD – Bring Your Own Device
- Social Engineering – a method in Penetration Testing when the security experts are trying to exploit the human personality into giving out sensitive information that could lead to a breach in security