Commandments of Cybersecurity
As an industry, we’ve evolved to address the challenges that today’s cyberthreat landscape presents, with both tactics and technology. We’ve not yet surmounted the challenges, but there are innovative minds in garages and boardrooms across the country trying to do just that. In the meantime, there are fundamentals that have stood the test of time and can help prevent successful cyber breaches from occurring despite the pace at which the landscape shifts.
Ensure that systems, applications, and users are patched. The importance of applying the latest security patches cannot be overstated.
Share preventions natively. The best chance of preventing cyberattacks and defeating adversaries is when effective security controls on the network, endpoint, and cloud operate together as parts of a single platform.
Implement a consistent security model, regardless of user location or device type. When there is the consistency of prevention across all locations, attackers lack the ability to gain an initial foothold in a less protected area and pivot to other parts of the organization.
Practice the principle of least privilege. Segmentation is a requirement, and micro-segmentation is fast becoming one. No one or no one thing needs to talk to everything.
Embrace advanced endpoint methodologies. Ensure that endpoint protection can share threat intelligence seamlessly across the network and endpoint, and prevent known and unknown malware on the endpoint itself.
Make safe application enablement a requirement. Security teams must be able to determine the exact identity of applications traversing the network, irrespective of port, protocol, evasive tactic or encryption (TLS/SSL or SSH), and apply safe application enablement policies based on business needs.
Gain leverage from threat intelligence. Controls and preventions are only as good as their visibility into known and unknown threats, and their ability to instrument security infrastructure that blocks what’s discovered.
Understand your threat environment. Depending on your organization, there is a certain set of malicious playbooks that will be run against you by cyber adversaries, using specific tools and techniques.
Aim for efficient consumption of new security technologies. Deploying and orchestrating siloed capabilities from multiple vendors is a struggle and could leave your organization exposed.
Think holistically about your prevention philosophy. Ensure that all of the decisions and investments made map back to a philosophy that strives to prevent successful cyberattacks, with the ultimate goal of making your organization safer and protecting our way of life in the digital age.
According to the government’s Cyber Security Breaches Survey 2018, more than 40% of businesses in the UK have experienced a cyber breach, and more than 70% say cybersecurity is a high priority for them. Yet less than a third of them have any kind of formal cybersecurity policies in place.
Anyone can be a target for cybercriminals
First and foremost, never assume that you won’t be hit by a cyber attack. If you’re lucky, it will never happen, but absolutely anyone can be a target because many attacks use automated software, which doesn’t necessarily discriminate. Small businesses may also be more likely to fall victim to security breaches because criminals consider them soft targets.
Passwords should be strong and unique
Although other forms of authentication exist, such as fingerprint scanners, passwords remain the most common way of logging into websites and systems. Don’t make life easy for criminals by using weak or easily guessed passwords like ‘Pa$$w0rd’ or ‘12345678’, and don’t reuse your passwords in different places.
Keep all software and hardware up to date
If possible, use automatic updates to keep your IT solutions up to date. Otherwise, ensure that you regularly check for updates, particularly those that include security patches.
Report any and all suspicious activity
It’s not necessary to report every single dodgy email you get, as long as they’re automatically getting sent to your spam folder, but if you see what you think might be a phishing attempt and it hasn’t been filtered out, tell your IT people. By getting the word out, you can make sure no one in your business falls victim to a scam.
Secure all devices including smartphones
In the modern workplace, it’s not just workstations and servers you need to be concerned with; many workers also carry phones and tablets that are connected to the corporate network via WiFi. These need to made secure or limited to a guest network because they present a potential entry point for hackers.
Identify your security weaknesses and fix them
All businesses should be aware of their weak points. That could include many things, including operating systems that are no longer supported, people who aren’t trained to spot phishing emails, routers that don’t use the latest security protocols and systems not configured to deliver the maximum security benefits.
Be careful when clicking links or files in emails
Booby-trapped files and websites are a favorite way for hackers to install malware or to steal data, and email is the most common way of getting people to open them. If you receive an email from someone you don’t know and it’s urging you to download a file or follow a link, stop and think about it first.
Lock your computer when you’re away from it
This is especially important if you’re using a laptop or other mobile device and you’re not in the office, because if criminals gain physical access to your computer, it’s no problem for them to install malware on it. To lock your system, simply press the Windows key and L. You’ll need your password or PIN to log back in.
Review your cybersecurity measures every year
Cybercriminals are always looking for new ways to rip people off, so cybersecurity cannot be considered as a one-off, static purchase. At least once a year, you should assess your current security solutions, to see if they’re still up to the task, and if they’re not, then you need to upgrade. This is also a good time to look at your security budget, to make sure it’s being spent effectively.
Make multiple backups, with at least one kept off-site
In the majority of cases, one backup will be enough if your main copy of data is damaged by mechanical failure or human error, but if you’re unlucky, your backup could be lost at the same time. The chances of your backups being affected increase when malware enters the equation.