(Note: this article is provided by fellow Akros Network member Fortress Security Risk Management)
Cyberthreats are increasing every day and businesses of all sizes and in all industries are constantly at risk of malware infections, insider threats, data breaches and ransomware attacks. To combat these threats, organizations must be proactive and create strong cybersecurity strategies to protect themselves.
Many organizations simply don’t know where to start on their journey to cybersecurity, so here are 6 steps that will make a huge impact and actually provide a tangible competitive advantage to any business.
Step 1: Get a Risk Assessment
Identifying and understanding cybersecurity vulnerabilities is critical because that awareness will lead to a prioritized list of security gaps and is the first step in budgeting, planning, and remediating weaknesses.
A risk assessment will identify the assets that could be impacted by a cyber-attack: critical operational and financial data, consumer and employee data, intellectual property, and where that data resides – servers, laptops, and network hardware. An assessment will reveal the risks unauthorized access to those assets could create for the organization. Having a quality assessment is a critical component of cyber safety.
After an assessment is completed, organizations should select a set of cybersecurity standards to use as a framework, and this framework should be appropriate to the risks the organization faces and the industry it is in. Established standards include: NIST CSF (National Institute of Standards and Technology Cybersecurity Framework), NIST 800-171, NIST 800-53, FedRAMP (Federal Risk and Authorization Management Program), ISO 27000, and CIS (Center for Internet Security “Critical Security Controls for Effective Cyber Defense”).
Organizations that are regulated by the following frameworks may use them as a cybersecurity control: PCI DSS (Payment Card Industry’s Data Security Standards), HIPAA (Health Insurance Portability and Accountability Act), GLBA (Gramm-Leach-Bliley Act), HITECH (Health Information Technology for Economic and Clinical Health Act), and FISMA (Federal Information Security Modernization Act).
Assessments help an organization understand its cybersecurity risks and can help it make appropriate cybersecurity choices, so it can defend against threats that are likely to happen. Assessments give organizations clarity on what they need to improve and where they are excelling.
Step 2: Training – The Human Firewall
Researchers from Stanford University found that approximately 88 percent of all data breaches are caused by an employee mistake. Training employees to be cyber aware is one of the most impactful ways to increase an organization’s cybersecurity.
Cybersecurity awareness training should emphasize the importance of data security and the responsibility of each employee to protect the organization’s data. Remember, both an organization and its employees have legal and regulatory obligations to protect the privacy, integrity, and confidentiality of its data.
Empowering your employees to recognize cybersecurity threats is your organization’s first line of defense on the cybersecurity battleground. Cybersecurity training typically covers:
- Why cybersecurity procedures are necessary and important
- How to create strong passwords
- Email handling, including how to recognize and address phishing attempts and avoid malicious file downloads
- Protecting mobile devices that are used outside of the organization’s facilities
- Understanding what to do and who to contact if a security incident occurs
- The need to limit access to data to only authorized personnel
- How to protect information when working remotely
- How to identify and avoid social engineering attempts
Step 3: Multifactor Authentication
Multifactor Authentication (MFA), also known as Two Factor Authentication (2FA), requires a user to confirm their identity.
With MFA, a user must verify their identity by providing TWO pieces of information – their password and:
- Something they know, like a PIN or mother’s maiden name
- Something they have, like an authentication application or a confirmation text
- Something they are, like a fingerprint or facial identification
This second step makes unauthorized access much harder and dramatically helps improve an organization’s cybersecurity.
Step 4: High Efficacy Managed Patching
Software patches are a crucial form of protection against cyber-attacks because they fix known weaknesses that allow unauthorized access to a company’s devices and network.
Patching software is complicated and a resource drain, and many internal IT departments simply don’t have the capability, capacity, or focus to achieve and maintain a patching program, which is why many patches go uninstalled.
One solution to this issue is a managed patching program. Managed patching automates the process of delivering software patches to all devices in your technology environment and monitors which devices have been patched and which are vulnerable.
Step 5: Endpoint Detection and Response (EDR)
EDR is next-generation, AI-powered, heuristic software installed on an organization’s devices (such as its laptops, desktops, tablets, smartphones, and IoT devices) that monitors behavioral data to detect and respond to cybersecurity threats.
EDR provides more complete awareness of devices in your technology environment than antivirus tools, which only protect against known malware signatures. EDR is designed to detect and protect against malware, credential and login theft, phishing attempts, and other advanced security threats. EDR uses analytics to identify patterns and detect suspicious behavior, prevent malicious activity, and provide remediation to compromised devices. It also improves response time by storing behavioral data for future analysis.
Every business or organization, regardless of size, has on- and off-network devices that present cyber criminals with a large attack surface. With remote workforces increasing, EDR is an important security tool to limit the risk to an organization’s devices and is a cybersecurity must-have.
Step 6: Managed Backup Strategy and Program
If a cyber incident happens, it is important to be able to restore affected systems and devices with clean, recent, and uncorrupted backup data. These 4 steps should guide your organization’s backup strategy:
- Determine what data should be backed up. Yes, backing up everything would be ideal, but probably not possible, so every organization should decide what data is critical for survival, what data is needed to operate, and what data would be nice to have.
- Determine how often data should be backed up. A good rule of thumb is that backups should be done at least every 24 hours.
- Determine how your data will be backed up. Will you be doing a complete data backup, or incremental backup, where only changes are copied? Will your backup be done on a storage device on-premises, or in the cloud, or both? How will you ensure your backup data cannot be encrypted? Is it air gapped?
- Test your backup and restore process. When your backup process and system are in place, test them on a regular basis to ensure that your data is successfully backed up and that data restores are done accurately. One key metric for cyber safety is Mean Time to Recovery – how long will it take to get your systems back online using your backups?
Cyber threats are constantly evolving and growing. Following these 6 steps: Assessments, Training, Multi-Factor Authentication, Patching, Endpoint Detection and Response, and Backups, will help your organization continue to keep up with the latest cyber threats.
To help protect companies from cyber-attacks, Fortress SRM provides full-spectrum cybersecurity services: Security Consulting, Incident Prevention, Managed Security, and Incident Response services. If your organization needs help improving its cybersecurity posture, please contact Fortress Security Risk Management.