Last week we discussed “Document Best Practices Policies to support your Security Strengths” This week we discuss Maintaining Your Networks Software and Hardware Security for improving your cyber-risk profile the “BEST you can as FAST as you can.”
Network security is the key to keeping your sensitive information safe, and as more private data is stored and shared on vulnerable devices, network security will only continue to grow in importance and necessity. Documenting your Hardware and Software Inventory on a frequent basis is vital – to understand and update what steps are necessary for proper protection, and this documented current inventory may be requested by your Insurance Carrier to provide Cyber coverage.
All computer networks have vulnerabilities that leave you open to outside attacks. Network vulnerability is a condition of the network or its hardware, not the result of external action. One security strategy won’t be enough to fully protect your network. A combination of different security solutions will ensure that your network is as secure as possible and will help to meet the unique needs of your organization.
In a previous Top Cyber-Defense article, we stressed the importance of conducting Internal/External Vulnerability Assessments and we strongly recommend conducting assessments every 90-days to continuously update your “Best Practices” Policies and/or Guidelines to maintain security of your network.
Store servers and devices in a locked, secure location and allow access to approved employees of your organization. Consider installing video surveillance to deter and detect unauthorized entry and theft. Insider threats are real and occur more frequently than you expect!
Anti-virus Software – malicious programs are scanned and eliminated, if found. Be sure to regularly update and fix any issues, maintain up-to-date versions on all devices.
Encrypt your data at Rest and In-transit – Cyber Criminals want your sensitive data to hold you for Ransom or sell on the Dark Web. Best Practice is to encrypt your data so if it is intercepted, Criminals are unable to read it for financial gain.
Firewalls block unsolicited traffic from entering your network. Update manufacturer patches on a timely basis- we recommend within 8 days and setting automatic new patch notifications if available in your console settings.
Segment your Network into subnetworks. If any of the networks are compromised, all other segmented networks are left untouched.
Multi-Factor Authentication (MFA) – Insurance Carriers are requiring MFA to obtain Cyber coverage for good reason – to protect your network from Cyber Criminal access. We previously included MFA as one of our Top Cyber-Defense Measures to implement on your network. MFA is simple and effective – your employees must provide two separate methods of identification to log into an account on your network.
TEST Your Network by conducting external/internal vulnerability assessments on a frequent basis. Your network changes during the year and Cyber Criminals learn new ways to access networks! Always be aware and in control of who has the access to your network or servers and do not give blanket access to every employee. Follow Password Best Practices by using strong passwords and as recommended by NIST-CSF controls, require employees to change their password every 90 days.
Determine what and where your Software assets reside. You organization has several software applications running on a wide range of devices (servers, desktops, laptops, and even mobile devices). Identify your software assets to include hardware configurations, disk space utilization, license type, contract terms, and so on. To a certain extent, your software inventory will be in a constant state of flux which is why it is important to keep it updated on a regular basis.
Identify software that is no longer supported or requires a patch update. Many Cyber Criminals exploit known vulnerabilities associated with old or out-of-date software. Turn on automatic updates and prevent employees from having administrative controls for their device so they cannot turn this feature off.