Security awareness may be the single most important thing you can do to protect your employees and your organization. In 2017, 90% of security attacks where phishing attacks. This points to the fact that your employees can become your biggest tool in preventing future cyber attacks. Security Awareness training should be mandatory at your organization, this not only helps keep your business safe, it will keep your employees safer at home. Come up with a way to make the Security Awareness training fun and steer clear of self-paced video or ”death by powerpoint” and cover topics that can be utilized outside of work as well:
- Online Shopping
- Internet of Things (IOT) Devices
Last but not least, perfom a phishing campaign. These 7 Email Best Practices to Keep Employees Safe from Phishing is a good place to start.
2. Threat Hunting - The process of proactively searching through networks to detect and isolate advanced cyber threats that evade existing security solutions.
In order to successfully hunt threats, you must first ensure that you understand your environment and stay educated on attack trends. Use automation tools to determine what threats exist in your environment and then take a proactive approach to securing your infrastructure. It is also imperative that you put yourself in the shoes of the attacker. If you think like an attacker, you might be able to stay two steps ahead of one.
Threat hunting helps you find and identify a breach once it has taken place. However, this should be complimentary to your security suite, not used in place of traditional solutions like a security information and event management (SIEM) software product combined with managed security services. For more information on threat hunting check out this blog, Open Season: Tips for a Successful Threat Hunt.
3. Next Generation Firewall (NGFW) – A next generation firewall is part of a third generation firewall technology that combines a traditional firewall with advanced security features.
If you’re a business and do not have a NGFW device with the common security features on, tuned, and monitored, you are placing your company at significant risk. It is also possible that you have already been breached. If you are thinking about choosing a new firewall, check out these 5 things to consider when choosing the right Firewall for your SMB. It is important to have a Next Generation Firewall at the edge of your network. Fortinet makes excellent Next Generation Firewalls but review the NSS Labs reports and go with a brand that works for your environment.
4. Deep Packet Inspection (DPI) – Deep Packet Inspection is a form of computer network packet filtering that examines the data part of a packet looking for viruses and intrusions.
Deep packet inspection (DPI) is something that any next generation firewall (NGFW) can do for you. It will put significant drain on your device, but is well worth it. Before you set this up, though, make sure you have the throughput on your NGFW to support this task! Deep Packet Inspection is also referred to as SSL inspection. As more services and devices use encryption, the more malicious entities are going to use that as an attack vector by simulating a trusted, encrypted, info packet. SSL attacks are becoming increasingly popular so verify that SSL Deep packet inspection is being utilized, especially on inbound traffic. Protect your webservers with SSL certificates so that they can decrypt the traffic. Learn more about why you should use SSL inspection.
5. Educate yourself on attack trends
Knowledge is power. Be aware of any attacks that are trending. You might have vulnerabilities lurking in the environment(s) you support that you didn’t know existed. Subscribe to a publication such as SANS.org to receive breach notifications. This will allow you to keep up with any high profile compromises/risks. Additionally, it’s important to learn about common vulnerabilities based on your enterprise. Sometimes, certain types of attack vectors are used to target certain industries. And always be aware!
Istonish offers an industry best practice IT security assessment that is affordable, comprehensive, and practical. Download a detailed sample vulnerability assessment and risk analysis report!