Are you wondering what you could be doing to enhance your cybersecurity posture? The following are five areas we see customers struggle with. Although acting on these five areas will not guarantee you will not have a cybersecurity incident, they will help you reduce your chances of an incident or reduce the impact of the incident on your organization.
The five areas we frequently see organizations lacking in are as follows:
- Keeping an updated inventory of all hardware and software.
- Encryption of laptops and portable devices and media.
- Ensuring backups are running correctly and are encrypted.
- Access to data is appropriate to an employee’s function.
- And finally, having an employee cybersecurity awareness program.
Let’s explore these subjects further so you can improve the strength of your cybersecurity program.
Hardware & Software Inventory
Keeping an up-to-date inventory of all hardware and software and its location in the enterprise is an important task to tackle. This inventory then becomes the basis of scoping out a monitoring system to identify unauthorized or unmanaged devices. Remember, you can only secure what you know.
This inventory should include:
- All end-user devices including portable and mobile devices
- Network devices including switches, routers, and firewalls
- IoT devices (internet-connected devices)
- Infrastructure devices like Servers, virtual systems, and remote access devices.
These devices should all be consistently monitored for security events and anomalies.
Encrypting Company Devices
While you are examining your hardware and software, now is the time to encrypt portable assets like laptops and mobile devices. Anything that can easily transport data outside of your network should be encrypted even if it does not have data on it at this time. Should a laptop or portable device end up missing, proving it was encrypted could keep you from having to send a data breach notification to your clients, potentially damaging your reputation.
Protecting Backup Devices
Do not forget to encrypt your backup devices while you are looking at your laptops and portable devices. After all, a portable drive or backup tape can be easily picked up and walked off with or simply be misplaced.
It is essential to make sure that your backups are running correctly. Organizations typically use backups to recover data should a hardware failure occur or an employee accidentally overwrites or corrupts a file. Did you know backups are a critical part of not paying the ransom should a ransomware attack encrypt your data? Your data may be a day or two old on the backups, but paying a ransom could cost you more than recreating data if you have proper backups.
Monitoring Employee Access
In cybersecurity, we talk about access being appropriate to employees’ job functions. By examining the access an employee has to company data, you can mitigate several risks. Suppose an employee has access to critical financial information that doesn’t apply to their job function. Should they become upset with your company, they could leak sensitive information. In a ransomware attack, the ransomware can only encrypt what it has access to. Therefore, limiting the access employees have could to your company data may delay or reduce the effectiveness of ransomware.
Educating Employees on Cybersecurity
Employee awareness training is a great control to help keep ransomware out of your network. By training your employees, you reinforce policies and reduce the risk of an employee falling victim to a cybersecurity attack. Employee awareness training is often the most effective control against an attack. After all, it can be much easier to compromise an employee than to attack a technical control head-on.
Phishing testing is an excellent way of doing a risk assessment on your employees to find out those most likely to help an attacker get further into the network unwillingly.
Unfortunately, we have moved into a time where it is not a matter of if you will have a cybersecurity incident; it is when. While addressing inventories, encryption, backups, employee access to data, and cybersecurity awareness training can help limit the impact against your organization, they will not eliminate the possibility of an incident. Companies must have a robust cybersecurity program regardless of how large or small they may be. Examine your organization’s cybersecurity preparedness and look for areas of vulnerabilities today.
This article was written by Jason Schaller, Director of Security Services at Anderson ZurMuehlen Technology Services.