How to Prepare for a Cyber Attack
Cyber attacks happen every day of the year to businesses all over the world. While no one can give you a guarantee of perfect security, there are reasonable steps you can take in order to improve the security posture of your organization and decrease the likelihood of an incident.
- Enable and configure a firewall on your workstation or laptop (e.g. Windows Firewall).
- Install an anti-malware solution on your workstation or laptop and make sure it is automatically updating at least every day.
- Make sure that your workstation and laptop are up to date on Operating System updates (e.g. Windows Update). Be sure that these updates are happening regularly and no less than once per month.
- Make sure that the applications on your workstation and laptop are up to date. Common examples of vulnerable software include Adobe Acrobat, Java, and various web browsers.
- Do not use "cracked," illegal or unlicensed software.
- Set up automatic screen locks to secure your workstation or laptop if left unattended.
- Implement disk encryption on your laptops and workstations (e.g. Microsoft BitLocker) to prevent a data breach if a device is stolen.
Server and Application Security
- Enable and configure a firewall on your server systems and make sure your applications have appropriate access controls in place.
- As with your workstations, ensure that your server operating systems are up to date with the latest security patches. If you have a server that is no longer receiving software updates (end of life), schedule an upgrade to a more current operating system.
- Set up two-factor authentication (2FA) for any remote access to your network, including SSL/VPN and Webmail.
- Configure your servers and applications to utilize TLS encryption where possible and tune your cipher sets to prevent the use of weak or broken encryption methods.
- Set up a secure log repository to export and retain security logging information from your servers, applications, firewalls, anti-malware solution and other network devices.
- Design your network with segmentation in mind to "limit the blast radius" in the event that a device becomes compromised and prevent lateral spread of an exploit.
- Install and configure a next-generation firewall (NGFW) with intrusion prevention (IPS) capabilities.
- If you use WiFi for access to your business network, secure it using a RADIUS-based authentication system instead of a fixed pre-shared key (PSK).
- Perform periodic vulnerability scanning of your network, both internally and externally, in order to identify and fix vulnerable devices and applications.
- Perform periodic vulnerability scanning against your WiFi networks and validate that you do not have "rogue" access points connected to your network.
- Create a formal information security policy and communicate these expectations to your entire organization.
- Work with Human Resources to create a role-based access control (RBAC) program, mapping individual job roles to secured systems or application permissions. Utilize this RBAC information to structure your IT security controls and audit compliance.
- Formally document any exceptions to the role-based access control program.
- Perform a periodic review and analysis of your IT security program against current industry best practice frameworks.
- Establish procurement guidelines which source IT systems, hardware and software from reputable organizations.
While these steps are not a guarantee of perfect security, they will help your overall security posture and lower the likelihood of an attack, or worse still, a breach.
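For the TLS item in the server checklist above, the following is an added example (not part of the original article) showing a hardened server-side TLS configuration in Python next to a small audit that flags a low protocol floor and weak cipher suites. The cipher string, the `WEAK_MARKERS` list, the function names and the legacy sample are assumptions chosen for illustration; adapt them to your own policy.

```python
import ssl

# Name fragments of cipher suites commonly treated as weak or broken.
# Constructed for this example; adjust to your own policy.
WEAK_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "AECDH")


def hardened_server_context():
    """Server-side context: TLS 1.2 or newer, forward-secret AEAD suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string. It governs TLS 1.2 and below; TLS 1.3 suites
    # are configured separately by OpenSSL and are all AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def audit(min_version, cipher_names):
    """Return a list of findings for a protocol floor and a set of cipher names."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"protocol floor too low: {min_version.name}")
    for name in sorted(cipher_names):
        if any(marker in name.upper() for marker in WEAK_MARKERS):
            findings.append(f"weak cipher enabled: {name}")
    return findings


def audit_context(ctx):
    """Audit a live SSLContext using the settings it actually has enabled."""
    return audit(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])


# Constructed sample of a legacy configuration, for comparison only.
LEGACY_MIN = ssl.TLSVersion.TLSv1
LEGACY_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA", "RC4-MD5"]

if __name__ == "__main__":
    print("hardened:", audit_context(hardened_server_context()))
    print("legacy:  ", audit(LEGACY_MIN, LEGACY_CIPHERS))
```

A real server would also load its certificate and key with `ctx.load_cert_chain(...)` before wrapping sockets; that step is left out because the example only concerns protocol and cipher selection.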