5 Easy, High Value Ways to Bolster Your IT Security
Every day, the headlines fill your customers with fear. Companies shut down by ransomware. Hackers breaching defenses and stealing sensitive data. Reputational attacks against businesses. It’s overwhelming, massively stressful, and driving business leaders to ask what they need to do to reduce their risk.
What can a business do today to reduce the risk?
When it comes to IT security, firewalls, anti-virus and spam filtering aren’t enough. They’re the basics. Every business should be developing a more thorough security program that offers layered protection and appropriate security controls.
This approach must be proactive to start building trust in your technology investment and its ability to keep the company safe. Simply adding tools is not enough; security should become part of your regular IT conversations.
Here are 5 easy ways to bolster your IT security program.
Cisco Umbrella (OpenDNS)
Cisco Umbrella provides content filtering and malware blocking. By intelligently blocking infected websites, it reduces the risk of malware entering your network. Should something like ransomware breach your defenses, Umbrella blocks access to the command and control nodes, neutralizing the malware until your anti-virus product can remove it.
Cisco Umbrella is designed for managed service providers, with a great management interface, simple deployment scripts and more.
External Vulnerability Scanning
External vulnerability scanning is like making sure your doors and windows are locked when you leave your home. Scanning tools check your perimeter defenses for known vulnerabilities and provide a simple report for your team to remediate. Standards like CIS, PCI-DSS, ISO 27001 and SOC require or recommend at least quarterly vulnerability scans.
Security Awareness Training
Despite what the news says, most security breaches don’t come from complex technical hacks. Attacks are directed at the weakest link – people. Educating users on attacks and security is key to reducing the risk.
Security training doesn’t have to be exhaustive and boring – it should be tailored to the audience and broken up into small, manageable chunks. Companies like Ninjio and Simple Security (coming soon) offer great, bite-size programs.
Website Vulnerability Scanning
Websites are the welcome mats for most businesses. It’s the first thing a prospective client sees. What happens if it’s been hijacked? I had a prospective client last year whose website was launching porn ads in the background. They were totally embarrassed and concerned about how many clients had seen it.
Most companies ignore the potential vulnerabilities in their websites, leaving an open invitation for hackers to deface them and use them to serve ads or malware.
Regular Mini Security Assessments
Nobody likes the word audit, so let’s use the term assessment. Assessments are essential to being sure the right settings and security controls are in place. When I do security assessments and audits, it’s a thorough process. There are several elements of that assessment that should be done regularly:
- Inactive account check – disable any user inactive after 90 days
- Administrative account check – ensure only the correct administrative accounts are in place
- Remote access check – ensure that only the correct people have remote access
- Firewall rule review – use a tool like Nipper to review firewall rules
Many frameworks require that these processes are completed quarterly, except for firewall reviews, which are done semi-annually.
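The three account checks above can be run against an export from whatever directory or identity system you use. The script below is an added example, not part of the original post; the CSV column names, the sample rows and the approved lists are constructed assumptions.

```python
import csv
import io
from datetime import date, timedelta

INACTIVE_AFTER = timedelta(days=90)  # threshold from the checklist above

# Constructed sample export; column names are assumptions for this example.
SAMPLE_EXPORT = """\
username,enabled,last_login,is_admin,remote_access
alice,true,2024-05-28,true,true
bob,true,2024-01-15,false,true
carol,true,,false,false
dave,false,2023-11-02,false,false
svc_backup,true,2024-05-30,true,false
"""

APPROVED_ADMINS = {"alice"}  # hypothetical list of sanctioned administrators
APPROVED_REMOTE = {"alice"}  # hypothetical list of sanctioned remote users


def assess(export_text, today, approved_admins, approved_remote):
    """Return findings for the three account checks as sorted username lists."""
    findings = {"inactive": [], "unapproved_admin": [], "unapproved_remote": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"].strip()
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled: no live access left to review
        last = row["last_login"].strip()
        # An enabled account that has never logged in is treated as inactive.
        if not last or today - date.fromisoformat(last) > INACTIVE_AFTER:
            findings["inactive"].append(user)
        if row["is_admin"].strip().lower() == "true" and user not in approved_admins:
            findings["unapproved_admin"].append(user)
        if row["remote_access"].strip().lower() == "true" and user not in approved_remote:
            findings["unapproved_remote"].append(user)
    return {check: sorted(users) for check, users in findings.items()}


if __name__ == "__main__":
    report = assess(SAMPLE_EXPORT, date(2024, 6, 1), APPROVED_ADMINS, APPROVED_REMOTE)
    for check, users in report.items():
        print(f"{check}: {', '.join(users) or 'none'}")
```

Service accounts such as the constructed svc_backup row surface in the administrative check unless they are on the approved list, which is the point: each one should be a deliberate decision.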
Don’t wait. Start today
For years, real security services have only been available to enterprises and through specialty service providers. The explosive growth of cyber-attacks made a solid security foundation a necessity for every business.
Don’t wait. No business deserves to be hacked.
Mike Knapp is an IT Project Superhero and Cyber-Security Simplifier with the goals of helping business be more successful and reducing the risk of cyber-attacks. He is a partner with Incrementa Consulting and the founder of Simple Security.