Maintaining proper cybersecurity practices has become an essential aspect of conducting business regardless of what sector you are in. The threat of cyberattacks on small and medium sized businesses is more significant than ever, and it is crucial to establish robust security measures now to protect your organization's sensitive data. Cyberattacks are becoming increasingly common for small and medium sized businesses, averaging 2,244 attacks per day in 2021 alone. These attacks often result in substantial financial losses with the average cost of a data breach reaching $4.24 million. The first step towards securing your organization’s data is to establish a culture of cyber hygiene within your organization. To help you achieve this, we have provided guidance in our Mastering Cyber Hygiene series. In previous articles, we have discussed cyber hygiene and best practices for inventorying and assessing data assets (see Mastering Cyber Hygiene: Best Practices for Software, Data and Account Inventory Management), building out cybersecurity processes (see Mastering Cyber Hygiene: Building Processes to Improve Your Cybersecurity Posture) and training (Mastering Cyber Hygiene: Tips to Train Everyone in Your Organization). In this article, we will focus on implementing best practices and assessing their effectiveness.
Importance of Implementing Cyber Hygiene Processes
It is imperative for businesses, regardless of their size, to prioritize the implementation of cyber hygiene processes. Such practices play a pivotal role in safeguarding organizational assets and data against the ever-evolving cyber threats. Cyber hygiene refers to the collective practices and protocols in place to safeguard your business’ systems, networks, and data (collectively IT infrastructure) from cyber threats. Adhering to industry-approved standards such as the Center for Internet Security’s Critical Security Controls (CIS Security Controls) or National Institute for Science and Technology (NIST) can drastically mitigate the risk of a cyberattack. By adopting these measures, businesses can demonstrate their commitment towards protecting their stakeholders' sensitive information and minimize the potential negative consequences that could arise from a cyber incident.
Furthermore, implementing these processes can help business owners comply with regulations and industry standards, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with these regulations can result in hefty fines and reputational damage.
Overview of CIS Critical Security Controls IG 1
The CIS Security Controls are a set of best practices for cybersecurity developed by the Center for Internet Security (CIS). Implementation Group 1 (IG1) provides guidance on implementing basic cyber hygiene practices. By implementing these controls, organizations can ensure that they are taking necessary first steps to protect their information systems and networks. As we have in past articles, we would like to reiterate that basic cyber hygiene is not the ultimate goal of a cybersecurity program. Instead, it should be seen as an integral component of a strong cybersecurity program that makes significant inroads towards securing your business’ IT infrastructure. Now that we have reviewed the CIS Critical Security Controls IG 1, let's dive into best practices for implementing cyber hygiene processes.
Best Practices for Data Protection
Four key practices to implement towards the protection of data include configuring data access control lists to restrict access to sensitive data, enforcing data retention policies, securely disposing of data when it is no longer needed, and encrypting data on end-user devices to protect it from unauthorized access.
Configure data access control lists to restrict access to sensitive data.
By configuring data access control lists, businesses can limit the access that employees and other users have to sensitive data, ensuring that only authorized personnel can view and manage such data.
Enforce data retention policies to ensure that data is not stored longer than necessary.
Enforcing data retention policies will help ensure that data is not stored longer than necessary, reducing the risk of data breaches and cyber attacks.
Securely dispose of data when it is no longer needed.
Securely disposing of data is equally important. When data is no longer needed, it is crucial to dispose of it properly to prevent it from being accessed by unauthorized users.
Encrypt data on end-user devices to protect it from unauthorized access.
Encrypting data on end-user devices is a fundamental aspect of cybersecurity. Encryption ensures that data remains protected from unauthorized access even if a device is lost or stolen.
By implementing these best practices, businesses can significantly reduce the risk of data breaches and cyberattacks, safeguarding their sensitive data and maintaining the integrity of their systems.
Best Practices for Secure Configuration of Enterprise Assets and Software
There are five key practices that organizations can implement when configuring enterprise assets and software, including configuring automatic session locking on enterprise assets, implementing and managing firewalls, securely managing enterprise assets, managing default accounts, and configuring dedicated administrator accounts.
Configure automatic session locking on enterprise assets to prevent unauthorized access.
Automatic session locking on enterprise assets can help prevent unauthorized access to systems and data. This ensures that the system is secured when the user is not actively using it, preventing unauthorized access.
Implement and manage firewalls on servers and end-user devices to protect against network-based attacks.
Implementing and managing firewalls on servers and end-user devices can protect against network-based attacks. Firewalls act as a barrier between the internal network and external systems, monitoring and blocking incoming traffic that is not authorized.
Securely manage enterprise assets and software by regularly updating them and removing unnecessary applications.
Securely managing enterprise assets and software by regularly updating and removing unnecessary applications is essential in preventing cyber threats. Regular updates ensure that any vulnerabilities in the system are fixed, while the removal of unnecessary applications reduces the attack surface.
Manage default accounts on enterprise assets and software to prevent unauthorized access.
Managing default accounts on enterprise assets and software helps prevent unauthorized access. Often, default accounts have weak or easily guessable passwords, making them vulnerable to attack.
Configure dedicated administrator accounts to restrict access to administrative privileges.
Configuring dedicated administrator accounts can restrict access to administrative privileges, ensuring that only authorized personnel can perform administrative functions. This helps to prevent unauthorized changes to system settings and data.
Implementing these best practices reduces the risk of cyberattacks, protects sensitive data and systems, and ensures that only authorized personnel can perform administrative functions.
Best Practices for Account Management
Account management is an essential aspect of cybersecurity that businesses and individuals cannot afford to overlook. The following recommendations, such as using unique passwords for each account, disabling dormant accounts, and restricting administrator privileges are just a couple of cyber hygiene best practices that can help ensure that accounts remain secure.
Use unique passwords for all accounts to prevent credential stuffing attacks.
Using unique passwords for each account can prevent credential stuffing attacks, where attackers use stolen login credentials to gain unauthorized access to multiple accounts.
Disable dormant accounts to prevent unauthorized access.
Disabling dormant accounts can prevent unauthorized access to sensitive information and systems, as attackers often target inactive accounts that may have weak passwords or other lax security measures.
Restrict administrator privileges to dedicated administrator accounts to prevent privilege escalation attacks.
Restricting administrator privileges to dedicated administrator accounts can prevent privilege escalation attacks, where attackers gain access to sensitive data and systems by exploiting administrative privileges.
Implementing these few best practices will go a long way towards strengthening your cybersecurity posture.
Best Practices for Access Control Management
Access control management is a critical aspect of cybersecurity that involves implementing measures to control who has access to sensitive information and systems. The following three best practices all revolve around multi-factor authentication (MFA) with slight variations on their importance and implementation. MFA requires users to provide two or more pieces of evidence to prove their identity - such as a password and a fingerprint - making it difficult for attackers to gain unauthorized access even if they have stolen login credentials. This extra layer of security significantly reduces the risk of data breaches and cyberattacks.
Require multi-factor authentication (MFA) for externally-exposed applications to prevent unauthorized access.
Requiring multi-factor authentication (MFA) for externally-exposed applications is a critical best practice that can significantly enhance access control and prevent unauthorized access. Externally-exposed applications are those that can be accessed from outside the organization's network, such as web-based applications or cloud-based services.
Require MFA for remote network access to prevent unauthorized access.
Requiring MFA for remote network access limits the ability of cyber attackers to randomly gain access to the network. Even if credentials are compromised the use of MFA prevents remote network access as the attackers will not have the necessary authentication provision to gain access to the network.
Require MFA for administrative access to prevent unauthorized access.
Requiring MFA for administrative access limits the potential for bad actors to escalate privileges and circumvent cybersecurity controls. This extra layer of security significantly reduces the risk of unauthorized access, even if attackers have stolen login credentials or gained access to the network. Moreover, MFA for administrative access can help prevent insider threats, where employees or contractors abuse their privileges to steal data or cause harm to the organization.
Implementing MFA for externally-exposed applications, remote network access, and administrative access is crucial for any organization that wants to safeguard its sensitive data and systems.
Best Practices for Continuous Vulnerability Management
Performing automated operating system and application patch management are two critical best practices in continuous vulnerability management. Keeping systems and applications up-to-date with the latest security patches and updates significantly reduces the risk of cyberattacks and helps prevent known vulnerabilities from being exploited.
Perform automated operating system patch management to keep systems up-to-date.
Automated operating patch management streamlines the process of patching, ensuring that patches are applied consistently and in a timely manner.
Perform automated application patch management to keep applications up-to-date.
Automated application patch management streamlines the process of patching, ensuring that patches are applied consistently and in a timely manner.
By implementing these best practices, organizations can maintain a strong security posture, comply with regulations and standards, and protect their sensitive data and systems from cyber threats.
Best Practices for Audit Log Management
Audit log management is a critical aspect of maintaining good cyber hygiene. Audit logs provide a detailed record of system activity and user actions, enabling organizations to detect and respond to security incidents promptly.
Collect audit logs to detect and respond to security incidents.
Collecting audit logs is essential for identifying security incidents. Audit logs record all activity on a system, including logins, file access, and network traffic. These logs provide valuable insights into system activity, allowing security teams to identify suspicious behavior and potential threats. Without audit logs, it would be challenging to detect and respond to security incidents effectively.
Ensure adequate audit log storage to retain logs for the required amount of time.
Adequate audit log storage is necessary to retain logs for the required amount of time. Many compliance frameworks mandate that organizations retain audit logs for a specific period, typically for months or even years. Having sufficient storage capacity ensures that organizations can retain logs for the required period without running out of space. Retaining logs for an extended period is critical for forensic analysis and compliance purposes.
Implementing these best practices for audit log management is crucial for achieving good cyber hygiene. Collecting audit logs and retaining them for an adequate amount of time enables organizations to detect and respond to security incidents promptly, helping to prevent data breaches and other cyber threats.
Best Practices for Email and Web Browser Protections
Implementing best practices for email and web browser protections is essential for achieving good cyber hygiene. As email and web browsing are some of the most common activities performed by employees, ensuring their security is paramount in safeguarding an organization against cyberattacks.
Ensure use of only fully supported browsers and email clients to prevent vulnerabilities.
It is critical to use only fully supported browsers and email clients. Unsupported software is often more susceptible to vulnerabilities, making it easier for attackers to exploit weaknesses and gain unauthorized access. Using fully supported browsers and email clients ensures that any known vulnerabilities are patched promptly, reducing the risk of cyberattacks.
Use DNS filtering services to block malicious websites and emails.
Using DNS filtering services to block malicious websites and emails can prevent employees from accessing malicious content. DNS filtering services work by blocking access to known malicious websites and domains, preventing employees from accidentally clicking on links that could lead to a cyberattack.
Implementing email and web browser best practices is critical for good cyber hygiene. Using supported browsers and email clients, and DNS filtering services reduces the risk of cyberattacks, protecting sensitive data and maintaining customer trust.
Best Practices for Malware Defenses
By implementing the following best practices, organizations can significantly enhance their security posture and reduce the risk of cyberattacks.
Deploy and maintain anti-malware software to detect and prevent malware infections.
Deploying and maintaining anti-malware software is essential to detect and prevent malware infections. Anti-malware software scans systems and devices for malicious code, preventing malware from infecting the system. By deploying and maintaining this software, organizations can proactively defend against malware threats.
Configure automatic anti-malware signature updates to ensure that anti-malware software is up-to-date.
Regular automatic anti-malware signature updates keep the software current, detecting and preventing new and emerging malware threats. Cybercriminals are constantly developing new malware variants, making regular updates essential. Configuring automatic updates keeps anti-malware software effective against the latest threats.
Disable autorun and autoplay for removable media to prevent malware infections.
Disabling autorun and autoplay for removable media prevents malware from spreading through infected media. These features launch applications automatically when removable media like USB drives or CDs are inserted into a system. Disabling them prevents malware from executing and spreading through infected media, enhancing the security of organizations.
Implementing these best practices is essential for achieving good cyber hygiene in malware defense. Deploying and maintaining anti-malware software, configuring automatic updates, and disabling autorun and autoplay features for removable media significantly reduce the risk of malware infections, protecting sensitive data and maintaining customer and stakeholder trust.
Best Practices for Network Infrastructure Management
Ensuring that network infrastructure is up-to-date is a critical aspect of maintaining good cyber hygiene.
Ensure that network infrastructure is up-to-date to prevent vulnerabilities.
Outdated network infrastructure often contains known vulnerabilities that can be exploited by cybercriminals. Regularly updating network devices and configurations reduces the risk of security breaches and ensures that the network is functioning optimally. Additionally, keeping network infrastructure up-to-date enables organizations to leverage the latest security technologies and best practices, ensuring that they stay ahead of the evolving threat landscape.
By staying up-to-date, organizations can proactively defend against cyber threats and protect their sensitive data and systems.
Assessing Your Cyber Hygiene Processes
Assessing your cyber hygiene processes is crucial to ensure that they are effective and up-to-date. Regular assessments can help to identify vulnerabilities and areas for improvement. Here are some steps to follow when assessing your cyber hygiene processes:
Identify the scope of the assessment, including the systems, applications, and data that will be assessed.
Determine the assessment methodology, such as vulnerability scans or penetration testing.
Conduct the assessment and document the findings.
Develop a plan to address any vulnerabilities or areas for improvement.
Implement the plan and conduct follow-up assessments to ensure that the issues have been addressed.
Implementing and assessing cyber hygiene processes is essential for businesses to protect their assets and data against cyber threats. It isn’t enough to just create a cybersecurity program and let it sit on a shelf. Cybersecurity programs must be continually implemented, updated, and assessed to ensure that they are effective drivers of business instead of sunk costs. By following the best practices outlined in this article and regularly assessing their processes, businesses can significantly reduce their risk of suffering a cyberattack. Quantum Vigilance can help you build out a cybersecurity program that meets your business' needs. Our cybersecurity professionals will assess your specific risks and provide guidance that you and your team members will understand. Contact us now to get started on your cybersecurity journey.