According to the Ponemon Institute’s 2016 Cybersecurity Trends Report, 66 percent of business and technology professionals surveyed identified phishing and social engineering as top threats. This shouldn’t be surprising, as phishing and social engineering are primary routes by which malware such as ransomware gets in.
Commonly, social engineering involves email or other communication that manipulates the recipient by tricking him or her into providing access to some kind of account, log-in, or financial information. Cyberattacks can also find a way in through shadow IT: unsanctioned applications that employees or departments use without IT’s knowledge.
Clearly, the human element is often the most prevalent weakness that businesses have when it comes to cybersecurity. While true end-to-end cybersecurity is an ongoing and constant effort to stay one step ahead of threats, here are 10 cybersecurity essentials that every business must have as a foundation.
1. Application Whitelisting
When it comes to shadow IT, the Cloud Security Alliance (CSA) Cloud Adoption Practices & Priorities Survey Report finds that most companies are only aware of 38 percent of custom cloud applications in use in their businesses. Initiating application whitelisting is a best practice for ensuring that only selected software applications run on computers and that all others are stopped as part of malware prevention.
Whitelisting can be accomplished with advanced application management tools, and it should be bolstered by restricting administrative privileges to prevent unauthorized software from running. Like most of the cybersecurity essentials on this list, whitelisting is a combination of policies and technology tools.
2. Multi-Factor Authentication
Implementing multi-factor authentication (MFA) goes beyond account passwords. This is accomplished by adding stronger elements such as a passphrase or PIN, a physical token or software certificate, and/or biometric data such as a fingerprint scan.
3. Restrict Administrative Privileges
By restricting administrative privileges to only the personnel who need them, businesses can proactively provide a higher level of security to systems. This works hand in hand with MFA.
4. Consistent and Timely Application and OS Patch Management
Consistently and thoroughly apply patches to applications and operating systems as they become available in order to eliminate the vulnerabilities that attackers use to target computers. This means implementing IT processes that ensure operating systems and applications on all computers are always updated.
5. Disable Untrusted Microsoft Office Macros
Disable untrusted Microsoft Office macros by configuring Office settings to block macros from the internet and only allow vetted macros. This eliminates a common ingress attack method and works in conjunction with patch management.
6. User Application Hardening
User application hardening measures, such as blocking web browser access to Adobe Flash Player (uninstall it if possible), web advertisements, and untrusted Java code on the internet, are all part of safeguarding the network and help make next-generation firewalls more effective.
7. Implement Next-Generation Firewalls
Next-generation firewalls (NGFW) are network security systems that can detect and block sophisticated attacks by enforcing security policies at the application, port, and protocol level. These firewalls bring together:
- Packet filtering
- Network address translation
- URL blocking
- Virtual private networks (VPNs)
- Quality of Service (QoS) functionality
- SSL and SSH inspection
- Deep-packet inspection
- Reputation-based malware detection
- Application awareness
8. Implement a SIEM Solution
While this may be overkill for smaller businesses, at a certain point of network growth, a business should definitely implement a security information and event management (SIEM) solution for continuous incident detection and response. This set of integrated technologies enables real-time collection and historical analysis of security events across a broad range of sources.
9. Backup and Recovery
Daily backup of important data is critical to proactively guarding against ransomware and other malware, which can also encrypt, corrupt, or delete backups that are easily accessible. A daily backup alone is therefore not enough: the backup must also be disconnected from the network and periodically tested to ensure that the data will be accessible when needed.
10. Penetration Testing
By creating policies and practices for conducting regular penetration tests and vulnerability assessments, businesses can identify and secure possible points of failure within and outside of the network.
While not directly part of this list of cybersecurity essentials, employee training and protocols are key to ensuring that the human element of guarding against threat intrusion will be effective. This includes everything from how to avoid phishing emails to password and device management. By making cybersecurity part of the daily culture of the business, organizations can stop many of the most common intrusions and more easily adapt by educating their employees on emerging threats and how to guard against them.