There are four primary cyber security measures that every business should implement to secure its network. The cycle to follow includes: identification, protection, detection, and response.
- Identify risk. A company should identify and quantify the level of risk associated with information technology and its IT assets by completing and maintaining a written risk assessment.
Considerations that may be on the assessment include web-based interfaces, third-party risk, and physical security. A data flow diagram should also be in place so there is a clear understanding of how all assets are connected to the network and each other, segregated, and protected.
Organizations also need a comprehensive group of policies and procedures to govern their IT assets. These items are a roadmap and set expectations for the enterprise assets. Employees and owners cannot be expected to understand all relevant and critical expectations if they are not laid out in a clear, concise, written, and professional manner.
- Protect with controls. Upon identification of risks, a plan to mitigate and protect against those risks must be implemented.
Technical controls: Protective action incorporates the use of technical controls, including content filtering, anti-spam, anti-malware, endpoint protection, reputation services, quarantine/sandboxing services, and email filters, which will help to stop hackers from getting into your organization.
Education: No matter the technical controls, some phishing and social engineering will likely make it past your defenses. This is why it is important to educate and test employees so they can spot and respond to phishing and other forms of social engineering before they become damaging.
Testing: Ensure all critical patches are tested and applied in a timely manner. Patches may need to be dispatched on operating systems, browsers, browser add-ons, web server software, database software, and remote management software.
Enforcement: Ensure written password guidelines are current and enforced. This could include password length, complexity, and allowable attempts. Another best practice is to turn on account lockout so that an account is locked after a set number of failed logon guesses.
- Detect and monitor activity. Next, the organization should establish a baseline for normal operations. This will allow for early warning when the inevitable occurs.
Detection controls could include intrusion detection systems, endpoint detection, network traffic analysis, or honeypots. An individual with the correct capabilities, either within the company or through a managed service provider, should be monitoring these systems on a daily, weekly, and monthly basis.
It is becoming more common for a hacker to have access to a system months before an exploit. This extra time allows the criminal to infiltrate your systems, explore your network and learn your habits, and understand what is important to you and the company. An early detection system could help discover these threats and shut them down (response) before a crisis strikes.
- Respond immediately. Breaches are common, and even with the best defenses, the worst can happen. If your data and credentials are stolen (and data encrypted), you will need to stop the damage as best you can, find out how the hackers got in, shut off continued access, and plot a recovery plan.
It is important to have an incident response management plan in place to address these items. The plan should address how to best protect and defend your organization, customers, and employees and should be updated regularly to include the ever-evolving threats.
And finally, once the threat is contained, a business continuity management plan would need to be enacted quickly to get operations running and back to normal.
Behavior plays a key role in combatting cybercrime, and prevention is the best defense. The worst thing any business can do is put off securing its network. With a lack of attention to cyber prevention and security in this day and age, a breach becomes a matter of not if, but when. It is important to reevaluate at least annually.
Contact a KCoe advisor to learn more about protecting your business.