1. Establish cyber security policies and all employees:
Educate employees on security policies and best practices. This provides clear expectations for their use on your network. Your users are the best network baseline you have. When you empower them, they will raise the alarm, when something seems different.
2. Perform network and physical security audits and have a course of action plan ready:
Reviewing your network and physical security policies is a must in today’s world; as technology changes, so will your policies. Preform network vulnerability scans weekly, this provides you with a clear picture of your network's security posture. Installing network security monitoring software provides you with real time network behavior, helping you identify threats on your network.
3. Upgrade software with the latest security patch:
Setting automatic updates is not all that bad and in fact it is highly recommended. Keeping your software up to date lowers your risk from against software vulnerabilities. The less vulnerabilities you have, the less exploits, viruses, and malware attacks can be performed on your network.
4. Protect network devices against viruses, spyware and malware code:
Installing all network devices with antivirus and anti-malware protection is a must. This coupled with network monitoring software will ensure the virus protection software is running, up to date, and not disabled. Have your network administrators do random manual checks from time to time.
5. Physically secure equipment and unused device ports:
Ensure device hardware and data isn't compromised by protecting physical equipment. Network routers, switches and server room access should be under lock and key. Review tamper stickers and secured access location often, to ensure no unauthorized access has occurred.
Data-at-rest encryption provides an extra layer of security. Automatically encrypting data saved on any storage medium, makes it harder for hackers to use the stolen data.
7. Use strong authentication methods:
Implement two-factor authentication features, to approve access to your network. Using authentication tokens or mobile apps coupled with passwords, provides some of the strongest authentication methods available for your users.
8. Secure external network access:
Ensure your network has a secure VPN connection for traveling and working from home employees. Mandating strong authentication, such as one-time password tokens or certificate-base smart cards will greatly increase the security of the approved connection to your network.
9. Define strong security policies for administrator accounts:
Implementing strong authentication for admins accounts will ensure login credentials are not easily compromised. Review all admin accounts monthly to remove or disable unused accounts, this applies to user accounts as well.
10. Mobile devices, tablets, USB sticks and other devices:
These devices normally increase the risk of attacks. Having employees connect their personal devices to your network increases the chance of compromise and infections. Ensure the company has clear policies to address this issue and clearly state if they can or cannot connect personal devices to your network.
- Disable macro scripts from office files and prevent the transmittations of them over e-mail.
- Outline within the companies policy to restrict software or other programs from executing and/or installing into system or network folders (ie. temp folders).
- Have polices for backing up data regularly and verify the backs afterwords. (ie. daily, weekly, monthly, quarteraly, yearly)
- Never keep your backups in one area only. Have cold storage, warm storage and off-sight locations.
- Educate your employees on ransomware and how they are the first step to protecting your business’s data.
- Keep operating systems, software, and firmware up todate and have a patch management policy.
- Validate all antivirus and anti-malware applications are automatically updated and conduct regular scans. These configurations must be enabled.
- Hold tight access of privileged accounts—no regular use of administrative access unless absolutely nessesary.
- Proper configuration of the companies network is a must. Access controls to include file, directory, and network shares should have the approprate permissions set.
- User should only have the minumal access required to read specific information or write files to directories.
- Implement relevant and re-occuring trianing, specific to end-user positions to re-emphsize the importance of each position within an organization.