Securing our resources is critical. This blog will highlight what companies – both big and small – can do now, and in the future, to help protect their information assets.

While the whole world is still trying to maneuver its way through this pandemic, bad actors are still looking for a payday. Below are a few key things that you can do to help keep your users, data, and organization out of the crosshairs.

'Quick'er Fixes

1) Review & Lockdown External Services

Make sure there is a business need for every system and service that is exposed to the Internet. If there is no business requirement, restrict access (firewall it off or decommission it). Additionally, consider requiring users to authenticate to the corporate VPN before they can reach internal systems and services.

2) Perform Comprehensive Back-Ups With 'Offline' Back-Ups

Review your current back-up policy and procedures to ensure all of your business-critical data is being backed up appropriately. Administer your back-ups separately from the rest of your environment, with at least one copy kept offline or otherwise disconnected, so that ransomware that compromises production systems cannot also encrypt or delete the back-ups. Periodically test restoring from them.

3) Ensure Software & Anti-Virus are Up-To-Date

Enforce operating-system, application, and anti-virus updates centrally, rather than relying on users to apply them, so your environment is protected against known, already-patched threats.

4) Security Awareness Training for Users

Require all users to attend security awareness training when hired and on an annual basis. These trainings should include best practices on how to select strong passwords, avoid social engineering attacks, etc. Consider testing user awareness with periodic social engineering campaigns. 

5) Restrict Admin Access & Avoid Credential Reuse

Restrict administrative access to only those users who require it for business-critical functions. If a user needs administrative access, give them a separate 'admin' account used only for that purpose (e.g., msmith for daily work and adm-msmith for administration). Additionally, make sure that no two accounts share a password; in particular, a user's standard and admin accounts must not use the same one, or a compromise of the everyday account hands the attacker the admin account as well.
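One way to check for the reuse described above is to compare password hashes across accounts: two accounts with the same hash have the same password. The script below is an added example, not code from the original post. It assumes a dump in the common "account:hash" form, an "adm-" naming convention for admin accounts (as in the post's adm-msmith), and a constructed sample dump whose hash values are placeholder strings, not real NT hashes.

```python
from collections import defaultdict

# Constructed sample dump in "account:hash" form. The hash values are
# placeholders made up for this example, not real NT hashes.
SAMPLE_DUMP = """\
msmith:1f2e3d4c5b6a79880706050403020100
adm-msmith:1f2e3d4c5b6a79880706050403020100
jdoe:ab12cd34ef56ab12cd34ef56ab12cd34
adm-jdoe:0099aabbccddeeff0099aabbccddeeff
svc-backup:ab12cd34ef56ab12cd34ef56ab12cd34
krbtgt:deadbeefdeadbeefdeadbeefdeadbeef
"""

# Assumed naming convention for admin accounts (the post uses adm-msmith).
ADMIN_PREFIX = "adm-"


def parse_dump(text):
    """Return {account: hash} from 'account:hash' lines, skipping blank or malformed lines."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        user, digest = line.split(":", 1)
        accounts[user.strip()] = digest.strip().lower()
    return accounts


def shared_hash_groups(accounts):
    """Group account names by identical hash; only groups of two or more are returned."""
    by_hash = defaultdict(list)
    for user, digest in accounts.items():
        by_hash[digest].append(user)
    return {h: sorted(users) for h, users in by_hash.items() if len(users) > 1}


def admin_reuse(groups):
    """Flag groups in which an admin account shares its hash with a non-admin account."""
    findings = []
    for digest, users in groups.items():
        admins = [u for u in users if u.startswith(ADMIN_PREFIX)]
        if admins and len(admins) < len(users):
            findings.append((digest, users))
    return findings


if __name__ == "__main__":
    groups = shared_hash_groups(parse_dump(SAMPLE_DUMP))
    for digest, users in groups.items():
        print(f"shared hash {digest[:8]}...: {', '.join(users)}")
    for _digest, users in admin_reuse(groups):
        print("ADMIN/STANDARD REUSE:", ", ".join(users))
```

Any group reported by shared_hash_groups deserves a password reset; the admin_reuse findings are the urgent ones, since phishing the everyday account yields the admin account for free. On the constructed data, msmith and adm-msmith are flagged, while jdoe sharing a password with a service account is reported as plain reuse.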

6) Enhanced Password Policy & Enforce Multifactor Authentication

Increase the minimum password length to 12 characters and prevent the use of dictionary words in passwords. Additionally, ensure multifactor authentication is enforced on all Internet-accessible systems and services (VPN, email, and remote-access portals in particular).
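A password filter that enforces the two rules above, as an added example rather than code from the original post. It checks the 12-character minimum and rejects passwords containing a dictionary word even when the word is disguised with common character substitutions (P@ssw0rd). The word list is a small constructed stand-in for a full dictionary or breached-password list, and the substitution table is an assumption about which swaps users commonly make.

```python
# Minimum length from the post's recommended policy.
MIN_LENGTH = 12

# Constructed stand-in word list; a real deployment would load a full
# dictionary or breached-password list instead.
DICTIONARY = {"password", "welcome", "summer", "winter", "company", "admin", "letmein"}

# Assumed common substitutions users apply to sneak a word past a filter.
LEET = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})

# Ignore very short dictionary entries so ordinary letter runs are not rejected.
MIN_WORD = 4


def normalize(password):
    """Lower-case the password and undo the substitutions in LEET."""
    return password.lower().translate(LEET)


def dictionary_words_in(password):
    """Return the dictionary words that appear in the normalized password."""
    norm = normalize(password)
    return sorted(w for w in DICTIONARY if len(w) >= MIN_WORD and w in norm)


def check_password(password):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    words = dictionary_words_in(password)
    if words:
        problems.append("contains dictionary word(s): " + ", ".join(words))
    return problems


if __name__ == "__main__":
    # Constructed candidates, not real user passwords.
    for candidate in ["P@ssw0rd2020!", "Summer2020!!", "xK9#mQ2v", "correct-horse-battery-staple"]:
        result = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {'; '.join(result)}")
```

Note that "Summer2020!!" is 12 characters and passes the length rule, yet is exactly the kind of password a cracker's rule set recovers in seconds; the dictionary check is what catches it.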

Longer Term Fixes

1) Enhance Architecture to Address Current Landscape

Ensure that security concerns are considered and addressed with any updates to the technology environment (e.g., supporting a remote workforce).

2) Continuous Vulnerability Management

Build a process to continuously monitor for, and remediate, vulnerabilities present within the environment, prioritizing those on Internet-facing systems and those with known exploits.

3) Enhance Logging & Monitoring Capabilities

Implement centralized logging and monitoring to assist in detecting and responding to security incidents.

4) Enhance & Test Incident Response Plan

Develop and implement an Incident Response Plan. Ensure that users are trained on their roles and responsibilities and consider conducting tabletop exercises.

5) Independent Testing of Environment

Find a trustworthy security partner to perform independent assessments against your environment to identify blind spots and opportunities for improvement.

Need some help?

Let us know. Feel free to reach out and we'll be happy to chat!

About the Authors

Ryan Bradbury, CISSP, OSCP
Principal Consultant & Cofounder

As a founding partner and principal consultant at SEVN-X, Ryan employs his training, experience, and expertise in helping organizations assess and protect their information security assets as well as respond to cybersecurity events. Ryan’s skillset has been forged from an extensive amount of field work—across various verticals—serving in both strategic and tactical security roles. SEVN-X requires all of its team members to be experts in information security and that starts from the top down.

Mark Keppler, CISSP, CISA, QSA
Information Security Leader & Advisor

Mark brings over 20 years of experience in IT risk and security, including PCI DSS compliance, risk assessment, and security frameworks such as ISO and NIST. Mark served as Chief Information Security Officer of a financial services company, where he redesigned and revamped the security program. Mark has served as the interim or virtual CISO for several organizations and holds the CISSP, CISA, PCI QSA, and ISO 27001 Lead Auditor certifications.