The advent of spring is the perfect time to do some spring cleaning. It's also good timing for IT teams to do some "spring cleaning" of their own: dust off their security practices and better counter the cyber threats that target their business daily.
1. Don't overstretch your ports
One of the first things any IT team should do when "spring cleaning" its security posture is to check which management ports are open on its network. Open ports can make certain IT tasks easier and more accessible, but they are also entry points that attackers can exploit to get into your network and gain privileged access to your devices. With an ever-expanding attack surface that includes Internet of Things (IoT) and operational technology (OT) devices, it is critical to close any port you don't actually need.
2. Perform all required updates
IT teams are often overburdened, so it's understandable that such routine but important tasks as updating firmware and installing software patches are pushed to the back burner to deal with more urgent issues or put on hold so as not to disrupt the business. However, the inconvenience is minimal compared to the consequences of a hack. Many successful attacks could have been avoided by installing patches and firmware updates that are readily available and easily implemented.
3. Set Multi-Factor Authentication (MFA) as the rule rather than the exception
This is the ideal window of opportunity to adopt or expand the use of MFA (multi-factor authentication) for your company, your employees and yourself, especially with the advent of remote and hybrid work. If adopting a universal MFA policy seems too daunting, start with the most important areas and gradually incorporate it into more applications, services and devices over time. For example, workstations on your local network may be part of the second phase of your MFA adoption policy, while all those using remote access will require it immediately. Also consider your most sensitive information and applications. Access to critical resources such as your financial information, employee data, etc., should only be available through strong authentication.
4. Map your network
Do you know where all the devices that have access to your network are located? Take a moment to create a map of the devices with a management interface (printers, routers, etc.) connected to your network. Network mapping allows IT teams to see real-time activity on their networks and detect problems faster, so they can be resolved more easily and efficiently.
5. Test your backup and disaster recovery procedures
Safeguarding your data and keeping a well-established disaster recovery plan is standard advice, but those backups and procedures also need to be put to the test. What happens when you initiate a recovery from a backup? Do you recover all the data you expected? Confirm the effectiveness of your business continuity plans before you really need them.
6. Delete accounts you don't use
Obsolete and unused accounts are often exploited as attack vectors. If your former contractors' and employees' accounts still exist, delete them. This also applies to unused applications and servers. Minimize the risk of attack where you can.
7. Train your employees
Humans, too, must adapt to changing threats. If your company conducts annual training sessions to raise cybersecurity awareness and impart best practices, consider conducting a mid-year session as well. Threats, as well as your staff, change too quickly to rely on annual training alone. Send out fake phishing emails and see what happens, carelessly leave a USB drive lying around and see who uses it, etc.
8. Stop the hackers in their tracks
Anticipating attacks is important, but it is impossible to predict everything, and sometimes attacks do succeed. So detection must also be a priority. Your security teams can quickly identify unusual behavior from simple system login audits. Is someone accessing sensitive data when they shouldn't? Are unknown users logging in from unusual locations? Vigilance can counter both internal and external threats.