A successful cyber-attack can negatively impact your business in several ways including financial loss, loss of customers and a damaged reputation.
A recent ransomware attack on Colonial Pipeline forced the company to shut down its entire fuel distribution pipeline along the U.S. East Coast. The requested ransom of almost $5 million was paid immediately, but operations didn’t resume until five days later.
Payment of ransom is no guarantee that you will get your data back or be able to resume business as usual. That’s why you need to make sure that your cybersecurity solution is robust. A cybersecurity health check will help you to identify vulnerabilities in your security controls and recommend measures for mitigating risks.
What to Look for When Performing a Cybersecurity Health Check
1. Password security policies
Inadequate password management can lead to security breaches. Unauthorized access to stored passwords can result in identity theft or access to high-level information.
Ensure that your password security policies enforce password management best practices, which include the use of strong passwords and controls that require employees to change passwords every three months.
Passwords should be a minimum of 6-10 characters long and should combine letters, numbers and special characters. Use a password manager to store and encrypt all company passwords.
2. Internet access policies
Internet access policies include guidelines for how users should access and interact with the internet. During a cybersecurity health check, you should ensure that security controls are in place to prevent users from accessing adult websites, torrent sites and any unsecured website that has the potential to expose the network to malware or other malicious content.
Monitor and scan any data sent or received via the internet and ensure that employees know how to securely share sensitive data and passwords. Ensure that controls are set up to prevent the improper use, installation, copying or distribution of proprietary or patented information on the internet.
3. Remote access policies
Remote devices present a challenge when it comes to secure connectivity, confidentiality, information security and compliance, as they reside outside the firewalls and security controls of the in-office network.
A remote access policy defines the security requirements for users when accessing the company’s resources remotely. It should ensure that only those who need to connect remotely are given access, and it should outline the device types that can be used to access the network and the compliance requirements for those devices, e.g. preventing devices from accessing the network if the operating system or antivirus software is out of date.
The policy should also define hardware and software specifications for remote access, including antivirus/anti-malware and firewall software, enforce controls to ensure compliance with any required regulations, and clearly define access and equipment ownership guidelines and responsibilities.
4. Email policies
Emails are the main form of communication in a business and a common target for cybercriminals, who use them to deliver malware and viruses via attachments or links to fake websites in an attempt to steal login credentials.
An email policy documents the type of information users can and cannot share via email. Passwords, personally identifiable information and financial information should never be shared through email communications.
Use an encrypted email or messaging server to send and receive company information. Encryption ensures that messages intercepted by cybercriminals remain protected because they must be decrypted before they can be read. Also, employ spam filtering technology to automatically flag and quarantine emails that appear suspicious.
Employees should be trained to recognize phishing emails and understand the importance of not using personal email addresses for work-related communication.
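The email policy above says passwords, personal data and financial information must never leave the company by email. As an added example (not code from the original article), the following outbound-mail check flags those three categories on constructed sample messages; the keyword and number patterns, and the use of a Luhn check to drop card-like numbers that are not real card numbers, are assumptions about how such a filter would be built, not the article's own rules.

```python
import re

# Constructed sample outbound messages (not from the article).
OUTBOUND = [
    ("alice@example.com", "Q3 figures attached, see you Monday."),
    ("bob@example.com", "VPN password: Summer2021! please don't share"),
    ("carol@example.com", "Card on file is 4539 1488 0343 6467, exp 12/24"),
    ("dave@example.com", "Ticket 4111 1111 1111 1112 refers to the old order"),
    ("erin@example.com", "Employee SSN 123-45-6789 for the benefits form"),
]

# Assumed detection patterns: a credential keyword followed by ':' or '=',
# a US SSN-shaped number, and a 13-19 digit run with optional separators.
PASSWORD_RE = re.compile(r"\b(pass(word|wd|code)|pwd)\s*[:=]", re.I)
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: true for plausible payment-card numbers, which keeps
    ticket and order numbers of the same length from being flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 9 // 2 + 0 and d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(body: str) -> list:
    """Return the policy categories found in one message body."""
    findings = []
    if PASSWORD_RE.search(body):
        findings.append("credential")
    if SSN_RE.search(body):
        findings.append("pii")
    for m in CARD_RE.finditer(body):
        if luhn_valid(re.sub(r"\D", "", m.group())):
            findings.append("payment-card")
            break
    return findings

def quarantine_queue(messages):
    """Return (sender, findings) for every message the policy would hold."""
    held = []
    for sender, body in messages:
        findings = classify(body)
        if findings:
            held.append((sender, findings))
    return held
```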
6. Endpoint security
Employees should only connect to the network using company devices or approved BYOD devices. Create a BYOD policy to manage the use of personal devices in the work environment and update it frequently to cover emerging technologies and new types of devices.
Ensure employees understand the risks associated with public WiFi networks and that the corporate network should only be accessed via VPN or a virtual desktop environment.
Consider the increased security risks associated with the use of IoT (Internet of Things) devices. Use continuous monitoring to observe network activity for all endpoint devices to detect and block threats in real time.
7. Monitoring for insider threats
Your cybersecurity controls should also monitor for insider threats. Employ policies and controls that detect and flag suspicious user activity. Automatically flag users trying to access data or applications that they don’t normally use, or who suddenly gain access to confidential data. This may indicate an employee trying to steal information or a hacker accessing the network with stolen employee credentials.
Monitoring alerts you to potential threat activity before it occurs, and data gathered from threat incidents can help strengthen your security controls.
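The two signals described above (access to resources a user does not normally touch, and sudden access to confidential data) can be derived from ordinary access logs. As an added example, not from the article, the code below learns a per-user baseline from a constructed log and flags later accesses that fall outside it; the log format, the resource names and the set of confidential resources are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed access log (not from the article): timestamp, user, resource.
# Everything before the review day is treated as the user's normal history.
ACCESS_LOG = """\
2021-06-01T09:02 alice crm
2021-06-01T09:40 alice ticketing
2021-06-02T10:05 alice crm
2021-06-02T11:15 bob payroll
2021-06-02T11:30 bob hr-records
2021-06-03T08:50 alice ticketing
2021-06-03T09:10 bob payroll
2021-06-04T09:00 bob payroll
2021-06-04T10:00 bob ticketing
2021-06-04T22:41 alice hr-records
2021-06-04T22:43 alice payroll
"""

# Resources the organisation tags as confidential (constructed).
CONFIDENTIAL = {"hr-records", "payroll", "finance-exports"}

def parse_log(text):
    events = []
    for line in text.strip().splitlines():
        ts, user, resource = line.split()
        events.append((datetime.fromisoformat(ts), user, resource))
    return events

def build_baseline(events, cutoff):
    """Per-user set of resources used before `cutoff` (the learning window)."""
    baseline = defaultdict(set)
    for ts, user, resource in events:
        if ts < cutoff:
            baseline[user].add(resource)
    return baseline

def flag_anomalies(events, cutoff):
    """(user, resource, reason) for accesses on/after `cutoff` that are not in
    the user's baseline; confidential resources get a stronger reason."""
    baseline = build_baseline(events, cutoff)
    flagged = []
    for ts, user, resource in events:
        if ts < cutoff or resource in baseline[user]:
            continue
        reason = "new confidential resource" if resource in CONFIDENTIAL else "new resource"
        flagged.append((user, resource, reason))
    return flagged

def review_day(day_iso):
    """Learn from everything before `day_iso`, then review that day."""
    return flag_anomalies(parse_log(ACCESS_LOG), datetime.fromisoformat(day_iso))
```

Bob's payroll access on the review day is not flagged because payroll is part of his baseline; Alice's late-evening access to two confidential resources she never used before is.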
8. Use of MFA
A password policy that enforces strong passwords is a step in the right direction, but multi-factor authentication provides a higher level of security. Hackers use brute-force attacks to attempt to guess username and password combinations. MFA (multi-factor authentication) adds an additional layer of security, so that guessed credentials are not enough on their own to gain access.
MFA requires a user to provide two or more verification factors to gain access to a resource. It includes two-factor authentication (2FA), which uses a username and password in addition to a PIN or security token sent to a mobile device. A third factor using biometric data, such as a face scan or fingerprint, can also be used.
Ensure that all users employ MFA, especially system administrators. This strengthens security, as a hacker would need to possess all factors to gain access to a resource.
9. Backup systems
Backup systems help mitigate natural disasters as well as ransomware attacks. If a disaster occurs, data backups must be readily accessible and easily restored.
Ensure that measures are in place to back up critical data and applications. Review backup logs and routinely test backups to confirm that data is current and usable.
Back up both on-premises and cloud data. Data stored in the cloud can also be targeted by ransomware. Make sure that you are clear on whether it’s your responsibility or the responsibility of the cloud provider to back up cloud data.
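Reviewing backup logs for currency and restore tests, as the section above recommends, can be automated. The following is an added example, not the article's own tooling: it audits a constructed backup-job log (the log format, job names, and the 36-hour and 30-day thresholds are assumptions) and reports jobs whose latest run failed, whose last good backup is stale, or which have no recent successful restore test.

```python
from datetime import datetime, timedelta

# Constructed backup-job log (not from the article). Fields:
# timestamp, job, event (backup | restore-test), status (ok | failed).
BACKUP_LOG = """\
2021-06-01T01:00 fileserver backup ok
2021-06-01T01:30 crm-db backup ok
2021-06-01T02:00 cloud-mailboxes backup ok
2021-06-02T01:00 fileserver backup ok
2021-06-02T01:30 crm-db backup failed
2021-06-03T01:00 fileserver backup ok
2021-06-03T01:30 crm-db backup failed
2021-06-03T03:00 fileserver restore-test ok
2021-06-04T01:00 fileserver backup ok
"""

MAX_BACKUP_AGE = timedelta(hours=36)        # assumed: data must be no older than this
MAX_RESTORE_TEST_AGE = timedelta(days=30)   # assumed: a restore must be proven this often

def parse(text):
    for line in text.strip().splitlines():
        ts, job, event, status = line.split()
        yield datetime.fromisoformat(ts), job, event, status

def last_success(events, job, event):
    """Timestamp of the most recent 'ok' entry for (job, event), or None."""
    times = [ts for ts, j, e, s in events if j == job and e == event and s == "ok"]
    return max(times) if times else None

def audit(now_iso, log_text=BACKUP_LOG):
    """Return {job: [problems]} for every job that fails a check at `now_iso`.
    Jobs with no problems are omitted."""
    now = datetime.fromisoformat(now_iso)
    events = list(parse(log_text))
    report = {}
    for job in sorted({j for _, j, _, _ in events}):
        problems = []
        runs = [(ts, s) for ts, j, e, s in events if j == job and e == "backup"]
        if runs and max(runs)[1] == "failed":
            problems.append("latest backup run failed")
        good = last_success(events, job, "backup")
        if good is None or now - good > MAX_BACKUP_AGE:
            problems.append("no fresh backup")
        tested = last_success(events, job, "restore-test")
        if tested is None or now - tested > MAX_RESTORE_TEST_AGE:
            problems.append("no recent restore test")
        if problems:
            report[job] = problems
    return report
```

The cloud-mailboxes job passes its runs but has not run recently and has never been restore-tested, which is exactly the cloud-data gap the section warns about.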
10. Incident response plans
An incident response plan (IRP) should clearly show how to document and remediate cyber-attacks and outline the steps required to get the system back up and running after an incident.
Your IRP needs to be well thought out and thoroughly tested, taking into consideration the maximum amount of downtime your company can afford before service levels and revenue are negatively affected.
Incident response plans should also make use of advanced threat detection software, behavioral analysis tools and automated monitoring for identifying and responding to potential threats in real time.
11. Employee cybersecurity training measures
Cybersecurity awareness training provides employees with the skills and knowledge needed to use the company’s systems, data and networks securely. They should be able to identify and manage security risks and know how to report them.
Implement thorough and ongoing cybersecurity training to ensure employees know not to open emails from unknown sources, and know the process for reporting suspected phishing attacks to IT support.
Employees should know how to secure their workstations, emails and cloud accounts, how to keep mobile devices secure when off-premises, and how to properly dispose of devices containing sensitive information.
Training helps employees to understand the importance of the security controls in place to protect the network environment.