Organisations in the COVID-19 pandemic era have been forced to look at their security hygiene best practices in order to minimise risk, data leakage and non-compliance, while still allowing for operational flexibility and efficiency.
Employees have increasingly been both allowed and encouraged to use their own devices to remotely connect to the corporate network. As a result, connectivity and digital resources at the office as well as the home have become more intertwined, meaning that minimising risk has become more critical than ever.
Cyber hygiene refers to the practices and steps that companies need to take to maintain system health and improve online security. In my opinion, cyber hygiene has not changed significantly over the past year or two, but has just become more relevant to apply, due to the complexity of whether networks are operational on premises, in the cloud or following a hybrid model.
When implementing your cyber hygiene practices, you must start with the basics. Your employees need to use strong password protection and authentication. Simple passwords can make access easy and allow threat actors to gain entry to the company’s network. It is a good idea for the network managers to ensure regular password changes by all employees, so that access to the network is periodically changed. This can occur at intervals of every three, six or nine months, for example, depending on your company’s ability to manage it without losing productivity.
Implementation of two-factor and multi-factor authentication is necessary to create strong access management, particularly when it comes to sensitive network areas. Asking your employees to take at least one extra step when logging in, for example needing to input a temporary code that is sent to a smartphone, adds an extra layer of protection. Having just one password in place, without further authentication requirements, makes it much easier for threat actors to gain access to your network and/or your financial data.
In addition, it is important to section portions of the network so that individual users are able to access only what they need to complete their role. This means that if a staff member’s credentials are compromised, limitations on their side will in turn help to limit an intruder’s unlawful access.
The ‘bare minimum’ cybersecurity requirements for any business in which people work both remotely and from an office include an up-to-date next-generation antivirus and a connection to your corporate firewall, which steers all traffic through it and thereby protects your edge devices from the outside.
Software updates are an extremely important part of the cyber hygiene strategy. Thousands of vulnerabilities are identified daily from previously unsuspected products and trusted vendors as the cyber threat evolves. Therefore, it is necessary to manage what employees are installing onto their work devices and ensure that they are not adding anything that could bring risk to your organisation. If you aren’t managing this, you are making your network more vulnerable and leaving yourself open to attacks.
Enterprises with networks of thousands of IPs to manage need to invest in a leading vulnerability management tool that takes daily snapshots, allowing the team to prioritise patching.
At Networks Unlimited, we embraced remote working for our employees and took steps to keep the edge secure as follows:
- Advanced email security;
- Endpoint detection and response for all endpoints (servers and notebooks);
- Next-generation firewall with sandboxing;
- VPN services for connection to the corporate network; and
- Vulnerability management.
Finally, the importance of ensuring that your employees use email safely has increased dramatically, as email is the preferred attack vector. Phishers are constantly trying to lure people into clicking on malicious links – which could have viruses and malware embedded in them – that may result in a security breach.
A good way to educate your employees about email safety is to implement phishing awareness and training by putting a system into place that runs internal simulations with your employees, to educate and inform them without compromising the network.
We are currently seeing more and more spoofing via man-in-the-middle attacks, which involve three players: the victim; the entity with which the victim is trying to communicate; and the ‘man in the middle’, which is a threat actor trying to intercept the victim’s communications. Attackers are spoofing IP addresses and tricking their victims into thinking that they are interacting with a website or a legitimate person, but they are actually giving the attacker their details instead.
The importance of education and simulation programmes for your employees is critical. After all, you can only place a value on awareness once your enterprise has been breached.
With all of these recommended cyber hygiene practices, you ultimately don’t want to be ‘closing the stable door after the horse has bolted’.
By Stefan van de Giessen, General Manager: Cybersecurity at Networks Unlimited Africa