5 Steps to Get Your Cyber Security Program on Track in 2018

I hear organizations say it every year – “This is the year we’re going to get serious about security.”  They usually mean it, too. Unfortunately, whether it’s due to the day-to-day drudgery of “keeping the lights on” or the pressure to innovate elsewhere in the business, they often fail to execute on those good intentions.

Security initiatives are easy to put off because you don’t see the return on investment right away. In fact, you may never see it, unless you happen to be specifically looking for it following an incident. If that’s the case, then suddenly security initiatives take center stage.

Well, we’re starting a new year and so there’s no better time to focus on the security items potentially left lagging in 2017. Below are five of the easiest ways to get your security game back on track quickly and effectively.

1. Patch Your Systems

Many of us know how easy it is to get behind on patching. Every month, we can count on Microsoft to release their latest set of patches in addition to everything else that needs regular updating. Miss a month or two and you can start feeling very behind. At a certain point, you get so behind that you figure why even bother.

However, I could argue failing to install the latest security patches on systems is the #1 reason companies get into trouble, making it the perfect place to start with getting your program on track for the new year. Consider just this one example from 2017.  According to the Washington Times, failure to patch cost Equifax $140M in 2017 and most of their executives their annual bonus due to what many are calling the most impactful data breach in history. When all is said and done, this incident could end up costing Equifax billions according to The Wall Street Journal. All of that from missed patches.

When I say “patch your systems,” I’m not talking about just Windows, either. Network devices, Linux/Unix servers, third-party applications, and anti-malware clients all need to be updated. It’s a simple way to ensure you don’t get burned by an exploit that was first discovered months or even years earlier.

2. Upgrade Outdated Systems

It’s not all that different from patching but it’s just as important. Still running Exchange on a Windows 2003 server? Or perhaps you have a handful of executives running Windows XP because they don’t have time to learn a new system? Now is the time to pull those systems into 2018. Outdated systems that can no longer be patched provide the bad guys with a treasure trove of ways to gain unauthorized access into your network.

If you’ve been thinking of moving to the cloud, these are the best systems to start with because you can use security as the business case for upgrading them and leverage cloud solutions as an alternative solution.

3. Secure Remote Access with Multifactor Authentication (MFA)

This is particularly important if you’ve migrated to the cloud. You know how you wanted to let your employees log in from their home computers? Well, when you did that you also gave the bad guys the ability to do the same thing if they get that user’s credentials (usually via phishing). Same goes for VPN and mobile devices (especially if you’re not using an MDM solution).  Most MFA solutions will give you the ability to put MFA on multiple systems using the same token, typically an app installed on a mobile phone. If you’re allowing your employees to access your systems directly from the Internet, it’s critical they be safeguarded with MFA.

4. Get Some Visibility

This one can become expensive, but it’s well worth it. Prevention is important but, at some point, unauthorized activity is going to occur and when it does you’ll want to be able to detect it or go back and find out what happened. There are two parts to ensuring you’re getting all the information you need. The first is to enable logging on your devices. At a minimum, ensure logging is enabled and properly configured on critical network infrastructure (firewalls, routers, core switches, wireless controllers), servers (domain controllers, DNS, DHCP) and major applications. Once you know you’re capturing the right data at the device level, I recommend centralizing the monitoring by sending all the logs to a Security Incident and Event Management (SIEM) system.

Now that you’ve got all the logs in one place, you can start creating automated alerting when bad things happen. Changes to network devices, additions to sensitive Active Directory security groups, and malware notifications from your antivirus system are a great place to start. As you continue digging into the logs and seeing normal behavior, you can better define what abnormal behavior looks like and alert on it. Without this visibility, you’re essentially blind to what’s happening right under your nose.

5. Review and Enhance Your Email and Web Security Solutions

The bad guys typically gain a foothold into your systems via email and Internet links so it makes sense that you would want to secure and monitor those systems very closely. These are also the systems we’re inclined to open up for our users (especially the executives). Start by reviewing your whitelists and make sure that everything on there still has a business case for opening access. Also, be sure to look at your data loss prevention (DLP) rules so that they’re up to date with all the changes that went on during 2017. Specific to email, I’d recommend looking at everyone in the organization’s auto forwarding rules and to make sure there’s nothing suspicious. You can usually do this quickly with PowerShell or some other scripting tool. As for the Internet, tighten up your web blocking rules. The bad guys love getting users to click on malicious links and blocking unnecessary sites is the best way to protect your users from themselves.

What’s next: Find a partner who can help

Arraya’s Cyber Security Services have solutions and personnel to partner with you to implement effective security strategy and controls. Our advisory services, architecture and tools, and managed services can be leveraged to offload day-to-day security blocking and tackling tasks so you can focus on moving your business forward. To start a conversation, contact us at https://www.arrayasolutions.com//contact-us/.