Goodbye cold weather and hello spring! As you start your annual spring cleaning and prepare your home for the year ahead, we at Mapcom recommend taking a similar approach to cleaning and updating your “cyber-home” to reduce outside risks, which can be quite the undertaking. Our recommendation is to break down the effort into smaller, more manageable and easier-to-implement steps. Though not an all-inclusive list, the initial focus should be on access control, system configuration, and training a more cyber-aware workforce.
Access Control
Ask yourself “how are individuals entering your home”, or in other words, your network? Did they authenticate themselves using multiple factors of authentication? This is something they know (password), something the user has (token card), or something the user is (biometrics). Multifactor authentication provides another layer of authentication and adds barriers to a malicious user attempting to impersonate a credentialed user. Enforcing multifactor authentication and combining two or more independent credentials will help keep unauthorized personnel outside your cyber-home and network. In fact, Verizon’s 2015 Data Breach Investigation Report recommends multifactor authentication as one of two top mitigation strategies against cyberattacks (Verizon, 2015). More information on Multifactor Authentication and how to implement the technology can be accessed from the following article from Auth0: https://auth0.com/blog/different-ways-to-implement-multifactor/. Goodbye intruder, and hello multifactor authenticated friend!
System Configuration
Next, take a look at aging locks, windows, and doors to keep unwanted bugs and visitors out. Likewise, this can be done on your cyber-home or network by reviewing your configuration management plan and ensuring network-connected systems are on the most updated software release versions. Adam Meyer, a SANS member, recommends these plans not only be updated, but also regularly reviewed and audited. While the most recent software patch and version may offer the most security benefits, it is recommended to test critical business operations before upgrading software. The result of a good configuration management plan will minimize business impact, maintain effective security, and foster a collaborative relationship between IT operations and security.
Employee Cyber-Awareness Training
Implementing multifactor authentication and maintaining a robust configuration management plan will go a long way in keeping unwanted visitors outside of your cyber-home; however, it does not protect against all forms of cyberattack. You can minimize your cyber-home’s risk of intrusion by staying up-to-date with the current attack schemes, learning more about how to recognize suspicious behavior, and cyber-safe best practices (by investing the time to read this blog, you are well on your way!). Many attacks use social engineering or phishing to gain credentials or implant malicious software in a trusted network. This attack is one of the most difficult, though not impossible, to prevent with training. A major rule of thumb would be that if something seems “fishy,” it just may be a phishing scheme. Ask a trusted mentor or security advisor to verify your concerns. Engage your employees in training and educating them to recognize and respond accordingly to suspicious emails. Look at misspellings, domain names, digital certificates, attachments, preview links, and generally suspicious requests for credit card information, opening attachments, and username with password requests. There are numerous cybersecurity websites that produce quality training and education materials; my favorites include SANS.org, staysafeonline.org, NIST.gov, ISO.org, us-cert.gov, and krebsonsecurity.
Mapcom’s Contribution to Your Spring Cleaning
Here at Mapcom, our goal is to securely deliver software solutions designed to consolidate networks, integrate data, and accelerate opportunities. As a Mapcom customer in the maintenance plan, you are entitled to one free year of a cyber assessment tool! We recently partnered with a renowned Cybersecurity firm, Dynetics, to help strengthen our cyber posture and identify areas of improvement. Our clients can easily leverage this tool to identify your current level of effectiveness and prioritize areas in need of improvement. Please contact your Client Care Manager if you would like to learn more about this exciting opportunity.
We hope this article inspires your organization to brush up and improve your cyber-home. Stay tuned for more upcoming cyber blog posts on finding evil, responding to an incident, and educating users to identify phishing emails. Send us your feedback to help decide which is next.
Best of luck during this year’s spring cleaning of your cyber-home!
______________________________
Find out more:
Dynetics Partnership Press Release
Email Client Care | Call 804-743-1860 x240
References
Meyer, Adam. Security Laboratory. Configuration Management in the Security World.
SANS. Retrieved from https://www.sans.edu/cyber-research/security-laboratory/article/meyer-config-manage
Otemuyiwa, Prosper. “What are the Different Ways to Implement Multifactor Authentication.” Auth0, November 30th, 2016.
Retrieved from https://auth0.com/docs/multifactor-authentication
Verizon. (2015). Data Breach Investigations Report. Verizon Enterprise Solutions.
Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report_2015_en_xg.pdf