
I'm finding that as I get older, my memory is starting to slowly fail me. You know that feeling when you walk into a room, and can't remember what you came in there for? I know it's not a unique experience, but it's still pretty frustrating. Writing things down is helping, though. And in that same vein I wanted to write down a list of "do it now!" things that security practitioners shouldn't forget.
Maybe some of these are already commonplace for you; if so, that's great! But often in my conversations with customers I discover that their security team has never done one, or any, of these things. So, before you start your next security project, make sure you cross all of these off your list first.
1. Back up your Active Directory servers
Folks, the number of organizations that have to rebuild their AD after a ransomware incident is downright heartbreaking. Don't assume that "someone's doing it." It is likely that your domain controller is one of the most critical machines in your environment. Know that just doing snapshots isn't sufficient. Microsoft offers guidance on doing a full backup of an AD server. Read up on the process, make a backup, and then test your restore to make sure it works!
2. Run a vulnerability scan
Maybe you trust your patch management solution (most don't, but maybe you're lucky!). There are good reasons to run a scan anyway. One, dealing with vulnerabilities in your environment isn't simply about installing patches. Lots of other issues can be present on your assets that aren't solved with a software update. Two, you may want to ensure that your patching solution isn't misreporting failures. There may be breakdowns in your patching process that could come back to bite you. Check out Tenable, Rapid7, and Qualys, all CBTS partners!
3. Roll out multi-factor authentication for your webmail, remote desktop, and VPN systems
Yes, we know this one isn't as easy as flipping a switch. But it's also not as monumental an effort as you might be picturing in your head, either. Plenty of easy-to-deploy MFA solutions (Duo, Okta, Microsoft, NetIQ, and Yubico, all CBTS partners) are available for organizations of all sizes and technical capabilities, from physical keys (the most secure) to OTP tokencodes delivered by apps or hardware tokens, client certificates, push notifications from MFA apps, and of course, SMS-delivered tokencodes (the least secure but still viable). The absolute easiest way for an attacker to get into your network or data today is to steal credentials from an employee via social engineering and reuse them, and MFA helps mitigate that risk. It's worth the work.
4. Perform simulated phishing
This helps work the other angle highlighted in the previous item: human misbehavior. At no point are your employees more attentive to security training than after they realize they've failed a phishing simulation. It is a fantastic opportunity to correct their behavior and train them for future attacks, as well as gauge your user base's susceptibility to phishing so that you can improve overall training efforts. Check out Proofpoint, Cofense, and LivingSecurity for some great simulation options, all CBTS partners!
5. Find your risk inventory
Your security leaders should have one. If you're the security leader, and you don't, well, it's time to write one! No need to be fancy: simply fire up your favorite text editor and start listing the things that keep you up at night! Then, arrange them in order of priority, and start building a list of countermeasures. This rudimentary effort can birth a formal risk management practice, in which you gather input from stakeholders, establish more granular prioritization, and document current and future efforts to mitigate the risks. For a more approachable, step-by-step guide, check out NIST's Risk Management Framework.
If that list seems daunting, feel free to enlist us to help! CBTS' security team can assist with objective solution selection and design, consulting, assessment, and managed security services.















