4 Good Habits of a Secured Business and What You Can Learn from Them
Hardly a day goes by without revelations in the media about the latest Business IT Security breach. Even the most prestigious organisations have had customer’s financial data stolen, subjected to ransomware, or simply seen their websites defaced.
As companies reacted to the pandemic, many paid less attention to Business IT Security. The cybercriminals have also moved online, with malware, DDoS, and ransomware attacks increasing in frequency and ferocity.
Even Government is susceptible. In South Africa, the Department of Justice had the personal data of about 1.4 Million people stolen. Later in the year, their systems were offline for several days after a ransomware attack.
In June, there was a major data leak at a major player in SA’s insurance industry. It was hit by a data breach in which bank account numbers and sensitive personal and financial information were compromised by a third party.
These are the major incidents we are aware of. There will be other unreported ones.
Prevention and Mitigation
What must IT do to beef up their Business IT Security and mitigate the effects of such attacks and recover to normal service levels as quickly as possible?
Four Good Habits include
-
People Management
Many pundits consider that the greatest threat to IT security lies between the keyboard and the chairback. People often see security as a hindrance and will attempt to circumvent it. They commit acts of omission and commission that cause security breaches.
The organisation needs robust and easily policed policies and procedures for desktop and user security. From Induction to Exit, users need regular reminding of policy and procedure and updates on the latest threats they may encounter.
For example, the FBI think that over 70% of all breaches happen following a phishing attack. Users need to be trained in recognising an attack and what to do if they suspect they have been attacked. Password security is an educational must.
-
Systems Management – Desktop and Central System Management
Desktop Management
Several things can be easily implemented here.
-
- LockdownThe most effective approach is to create standard desktop configurations which are rolled out to each desktop. The user cannot modify the system parameters, in particular, cannot install software and is restricted to only those applications that are necessary for them to carry out their job function.
- Malware ProtectionAll desktops must have an up to date copy of anti-malware software. It should be able to be centrally managed, pushing updates out to desktops. Pausing it or switching it off by the user should be prevented.
- Attached devicesUsers will attach devices to desktop and laptop computers to transfer personal and corporate data. These can be smart devices like smartphones, mobile data stores like flash drives and not so much nowadays, CDs or DVDs. Data transfer between the desktop and portable devices must be prevented.If possible and practical, unused USB ports should be disabled.
- Data TransferIn addition to physical devices, data can be transferred using public online data storage like OneDrive, DropBox and Google Drive. If users have unrestricted access to online data stores, this is an easy conduit to export confidential data and import malware.Access to these stores should be prevented. In some cases, Internet access should be restricted to known sites only.
In a similar vein, another transport vehicle for data theft and malware is email. Confidential data can leave the company in file attachments, and malware can come in via email.
Some organisations restrict users to a centrally maintained email address list and ban inbound and outbound attachments.
Central Systems Management
A discussion around central defences is beyond the scope of this document. However, the core systems must have industrial strength peripheral defences. Monitoring for potential attacks using a real-time network traffic monitor that identifies and alerts when finding unusual data patterns is one good example.
-
-
BYOD Threats
Remote access to systems and working from home mean that internal and external users can use devices of their choosing, rather than those specified and configure by IT. In most cases, users will not want their personal systems wiped and reinstalled with the corporate software environment. BYOD is a reality in many organisations.
The mechanisms for remote access must include anti-malware protection and be part of the overall security environment. Security is therefore applied at the corporate end, and restricting connection to using a VPN. The VPN will have a client component installed on the remote device. There will be an encrypted connection and secure password access to the client and to corporate assets.
-
Backup, Backup, Backup.
A very good, and absolutely essential habit is to keep secure backups of all systems and data.
Users have a tendency to forget to backup essential data stored on their desktops. Either force them to save to a network resource by configuring desktop applications appropriately, or take network backups of their systems overnight.
Often the quickest way to recover from a ransomware attack is to go to bare metal and reload entire systems from the latest clean backup.
An organisation needs robust, secure and ransomware-resistant backup procedures. One important point is to check the backups. It wouldn’t be the first time that a backup has been unusable.
The FBI says that the only secure system is one that has not been hacked yet. Hopefully, these hints will give some guidance on what will help create a secure environment.