Updated: Aug 11
Cybersecurity risks are everywhere. Here is the good news – there are ways to mitigate these risks, and to defend against increasing cyber threats. CISA, the Cybersecurity and Infrastructure Security Agency, has released their Risk and Vulnerability Assessment for Fiscal Year 2021, and they included 11 suggested mitigations for common cyber attack techniques. (See the common attack techniques in this infographic.) Review the list below for ways to reduce your cybersecurity risk.
1. Train your people. Your staff are a great asset and the first line of cyber defense in your organization. With education and periodic reminders, users can avoid many of the traps of phishing, social engineering, and fraudulent requests. Each person should be entrusted with only the login privileges and data access necessary to accomplish their job, and they should understand their role and responsibility for the security of their own areas.
2. Manage access carefully. Administrators need to be extremely cautious with access controls. Applying least privilege ensures that employees have only the access they need to do their jobs, and no more. Reduce your risk by granting fewer people access to confidential data, and revoke the access of former employees immediately when their employment ends.
3. Filter or block websites that are unsafe, including those whose security certificates are expired or invalid. If employees cannot reach an unsafe site, they also cannot accidentally download a malicious file from it.
4. Set and follow strong password policies. Make sure your administrative controls require strong passwords and multi-factor authentication (MFA). There should be no exceptions for any company accounts. If you have taken no other security measures, MFA is the first step to improve your security posture and reduce your cybersecurity risk.
5. Make sure your initial setup is intentional. Use the settings in your operating system to restrict access to the network. You reduce cyber risk when you make it more difficult for an attacker to log in or create a breach. Risk increases when you have fewer security restrictions in place.
6. Keep good network boundaries. Also known as network segmentation, this is the practice of separating critical data and systems from the rest of the network. The separation may be physical, or logical and configured in the network itself. With proper segmentation, even if an attacker compromises one machine on the network, they do not automatically gain access to the entire environment.
7. Network intrusion prevention systems help reduce cyber risk by blocking malicious files and attacks at the network boundary, and by alerting administrators to policy violations or network intrusions.
8. Work ahead and prevent execution. Even if a network is breached, Data Execution Prevention (DEP) stops malicious code before it runs by preventing code from executing out of memory regions that are meant to hold only data.
9. Lock up what’s important. Encrypt your sensitive information. While no system is foolproof, encryption substantially reduces your cybersecurity risk. If an attacker obtains encrypted data, it is extremely difficult for them to decrypt it without the key.
10. Clean up old software. Use software from reputable and trustworthy organizations. Remove or deny access to any programs that are unnecessary, outdated, or otherwise vulnerable.
11. Be the traffic controller of your data. A Data Loss Prevention (DLP) system monitors, protects, and blocks sensitive data while it is in use on endpoints, in motion across the network, or at rest in storage.
View the CISA infographic with this list and more vulnerability assessment information here.
There are many risks, and these mitigations are some ways to get started. Take one step today, and reduce your cyber risk.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills.
We set the standard for cybersecurity excellence.