Step 1: Train your employees to be security savvy
Some of the most basic, “expected” tools in security are often those most overlooked. Your first line of defense against cyber criminals is your employees. A security training program, backed by policies that support employees, is necessary for them to protect themselves and your company. Here are some questions to consider:
- Are you providing security training sessions, online or in-person?
- Are you frequently communicating your security policies and guidelines?
- Do you require employees to use strong passwords and change them on a recurring schedule?
- Do you deploy multi-factor authentication or password management tools?
- Do you mandate automatic updates and the installation of security patches?
- Are you training your employees on how to avoid email phishing attacks?
These are all important factors in securing your company’s assets from the front lines: your employees.
Step 2: Strengthen your network at the core and at the edge
Most companies have the right tools in place to be safe: SIEMs, Next-Generation Firewalls, Intrusion Prevention Systems, Virus Scanners, Web Application Firewalls, etc. However, many companies also face the daunting challenge of managing, monitoring, configuring, and properly tuning those very capable security devices. Without the proper expertise in place, attackers may sneak through the system, pivot to high-value assets, and exfiltrate confidential information without you noticing.
There are several steps you can take to protect your network from cyber threats. Fundamentally you should build layers of defenses to make it harder for attackers to break in. Here are defense mechanisms to consider:
- Aim to have your security devices work together. By cross-correlating events and alerts received from the different security devices, you can better distinguish the true attacks from the false positives.
- Stay up-to-date on the latest security incidents, APTs, and low and slow attacks, and ensure your security devices are properly patched.
- Have a dedicated team of certified security professionals continuously monitoring your networks. Human knowledge, experience and intuition are sometimes needed to detect a sophisticated attack that a machine cannot.
- If you don’t have the resources in-house to handle all of these tasks, consider using a managed security service provider (MSSP), or switching to a hybrid Security Operations Center (SOC). An MSSP protects you on a 24×7 basis, even when you’re asleep, and is more cost-effective than doing it yourself.
Step 3: Identify and protect your highest-value assets
Companies have the best of intentions to protect their highest-value assets. The challenge is that identifying those assets is not trivial. And with businesses increasingly adopting cloud-based services, locating those distributed assets becomes even harder.
We recommend sitting down with the different teams in your organization and diligently mapping out all your sensitive assets. Third-party security consultants can help you go through this exercise in a structured manner. Once you identify your assets, ensure you enforce proper access control on each of the different groups you identify. A good rule of thumb is to provide access only on a need-to-know basis.
However, identifying your assets, applying access control, and placing them behind firewalls is not sufficient against insider threats or motivated attackers. To take your defense a step further, it is crucial to monitor those assets with a closer eye. This can be achieved with customized SIEM rules and behavioral analytics that apply business context modeling specific to your environment. You can probably wait if your janitor’s PC is being targeted, but you’ll want to be alerted right away if it’s your CEO’s computer.
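The sketch below is an added example, not part of the original article. It combines the cross-device correlation from Step 2 with the business-context prioritization described above. The host names, alert records, scoring formula, and paging threshold are all constructed assumptions rather than any SIEM product's rule syntax.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory: business criticality per host (1 = low, 5 = highest).
ASSET_CRITICALITY = {"ceo-laptop": 5, "finance-db": 5, "janitor-pc": 1}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed alerts: (timestamp, reporting device, host, base severity 1-10).
SAMPLE_ALERTS = [
    ("2024-01-01T09:00:00", "ips", "janitor-pc", 4),
    ("2024-01-01T09:01:00", "firewall", "ceo-laptop", 4),
    ("2024-01-01T09:04:00", "antivirus", "ceo-laptop", 5),
    ("2024-01-01T09:30:00", "waf", "finance-db", 3),
    ("2024-01-01T11:00:00", "ips", "ceo-laptop", 2),
]

def correlate(alerts, criticality=ASSET_CRITICALITY, window=WINDOW):
    """Group each host's alerts into time windows and score every group."""
    by_host = defaultdict(list)
    for ts, source, host, sev in alerts:
        by_host[host].append((datetime.fromisoformat(ts), source, sev))
    incidents = []
    for host, events in by_host.items():
        events.sort()
        group = [events[0]]
        for ev in events[1:] + [None]:  # None is a sentinel that flushes the last group
            if ev is not None and ev[0] - group[0][0] <= window:
                group.append(ev)
                continue
            sources = sorted({s for _, s, _ in group})
            # Score = worst severity x distinct corroborating devices x asset value.
            # Unknown hosts default to 3 so unmapped assets are not silently ignored.
            score = max(v for _, _, v in group) * len(sources) * criticality.get(host, 3)
            incidents.append({"host": host, "sources": sources, "score": score,
                              "start": group[0][0].isoformat()})
            if ev is not None:
                group = [ev]
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

def page_now(incidents, threshold=40):
    """Incidents that warrant immediate paging rather than queue review."""
    return [i for i in incidents if i["score"] >= threshold]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc)
```

With the constructed data, the two corroborating alerts on the CEO's laptop outrank everything else and are the only incident that crosses the paging threshold, while the single alert on the janitor's PC stays at the bottom of the queue.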
If you’d like a free security consultation or have any questions on how you can further secure your company from hackers, we would love to hear from you.