It’s very rare these days to find a business that doesn’t use computers and the Internet. The problem is that the use of these admittedly useful tools also comes with inherent dangers. That’s why you need to employ the best strategies to prevent various types of targeted cyber intrusions.
These attacks can come in many different forms:
- You may download fake free antivirus software. In fact, you may download any number of free programs that actually attack your system or make it more vulnerable.
- You may fall victim to fake marketing campaigns.
- You may be tricked into clicking on disguised links on social networking sites.
- Email phishing campaigns are still common. These can con you into clicking on a malicious email attachment or URL. Others may use fake websites, fake Google account log-in screens, or fake Dropbox sign-in pages.
So what can you do about all these threats to your business? Here are some potentially useful strategies you can implement.
Application Whitelisting
Blacklisting means having a list of applications that you and your workers must never use. Since there are so many of them, such a list isn’t really viable. So it’s more useful to have an application whitelist. This is a list of programs that are allowed to run; anything not on the list, including malicious software, is blocked from running.
You don’t even need special, expensive hardware to be able to use application whitelisting. You can use Windows AppLocker, which is available in Windows 10, Windows Server 2008 R2, Windows 7 Ultimate, and Windows 7 Enterprise.
With this feature, you can define rules that specify which programs particular groups and individuals can run. You can create these rules easily with the “Automatically Generate Rules” wizard.
It also offers other benefits aside from just security against intrusions. You can keep your people from running unlicensed software, older versions of programs, or programs reserved for just a select group (such as payroll applications reserved only for HR).
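The scripted equivalent of the wizard, as an added example that is not from the original article: the built-in AppLocker cmdlets inventory the software on a clean reference machine, build publisher and hash allow rules, and roll the policy out in audit mode first. It assumes an elevated PowerShell session on a reference workstation whose Program Files and Windows directories hold only approved software; the sample file paths tested against the policy are constructed.

```powershell
# Added example, not the article's own code. Assumes an elevated session on a
# clean reference workstation; edit $referenceDirs to match what you approve.
$referenceDirs = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$policyPath    = Join-Path $env:TEMP 'AppLocker-allowlist-audit.xml'

# 1. Inventory executables, DLLs, scripts and installers on the reference machine.
$fileInfo = foreach ($dir in $referenceDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Build allow rules: publisher (signature) rules for signed files, hash rules
#    for unsigned ones. -Optimize merges rules that cover the same publisher/product.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in AuditOnly mode so nothing is blocked yet. Audit events (ID 8003 in the
#    "Microsoft-Windows-AppLocker/EXE and DLL" log) show what *would* be blocked.
$xml = [xml]$policyXml
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$xml.Save($policyPath)

# 4. Dry-run a few files against the policy before applying it. Constructed sample
#    paths: a shipped program that should be allowed, a download that should not.
$samples = 'C:\Program Files\Internet Explorer\iexplore.exe',
           "$env:USERPROFILE\Downloads\free-antivirus-setup.exe"
$samples | Where-Object { Test-Path $_ } |
    ForEach-Object { Test-AppLockerPolicy -XmlPolicy $policyPath -Path $_ -User Everyone } |
    Select-Object FilePath, PolicyDecision, MatchingRule | Format-Table -AutoSize

# 5. AppLocker only enforces while the Application Identity service is running.
sc.exe config appidsvc start= auto | Out-Null
Start-Service AppIDSvc

# 6. Apply the audit-mode policy to this machine (use a GPO for domain-wide rollout).
Set-AppLockerPolicy -XmlPolicy $policyPath
# Once the audit log is quiet during normal work, change EnforcementMode to "Enabled".
```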
Patching
Patch management is one of the most basic functions of your IT department. Makers of programs and operating systems regularly release patches to add new features, fix discovered bugs, and, most importantly, close discovered vulnerabilities.
Some patches are more important than others, so you need to prioritize your patching. You should focus on the following:
- Systems that contain classified or sensitive information. These will include your file and HR database servers.
- Crucial business systems. These include financial database servers and domain controllers.
- Data transfer hosts.
- Machines that connect to the Internet. These are your email, web, and remote access servers.
- “High value” employee workstations.
You have to keep all the components of your IT estate up to date when it comes to patches. That means every workstation and server, and every network appliance and device. Operating systems and installed applications must be patched as patches become available, and the apps on mobile devices should be patched too.
There is some concern that some patches are problematic. One example of this is the notorious iOS 10 update that led to bricking. So you may want to test patches on a few systems first to check their stability before you roll them out to the rest of your systems.
Security Incident and Event Management (SIEM)
This combines security incident management (SIM) and security event management (SEM) into a single security management system. SIM collects information into a central repository for trend analysis, and it also automatically produces reports for compliance purposes. SEM centralizes log storage and interpretation, and allows for near-real-time analysis. This lets IT security take defensive measures against cyber intrusions more quickly.
With the two systems combined, security events are identified, analyzed, and recovered from more quickly. The SIEM gathers information from end-user devices, network equipment, and servers, and even from antivirus systems, intrusion prevention systems, and firewalls.
Privileged Identity Management (PIDM)
Most workplace computer systems require people to log in first, so that they’re then limited in which applications they can use and which data they can access. The problem with this is that these frameworks often allow for superuser accounts that aren’t properly managed. They’re used by CEOs, chief information officers, and database administrators.
Sometimes these people may use their accounts improperly, and yet they’re not really monitored or governed all that much. Superuser accounts may even be totally uncontrolled on the company network. Yet these people may not have enough formal training in managing their superuser accounts.
Thus, PIDM is concerned with the following goals:
- Making a list of privileged accounts and identifying each user.
- Creating a policy which states what these accounts can and cannot do.
- Creating a responsible group that monitors these accounts (“who guards the guardians?”).
- Using the right PIDM tools.
IT departments are often faced with the challenge of balancing efficiency and security. It’s one thing to allow a worker privileged access to sensitive data so they can work effectively. But checks and limitations on the account must be in place so that the access is removed when the worker no longer needs it.
Audits must also be performed on accounts and their privileges. This can be done yearly, so that user access privileges and restrictions are reviewed regularly.
User Behavior Analytics (UBA)
UBA is about tracking and monitoring the activities and data accesses of corporate network users. It looks for anomalous behavior which can be a sign of cyber intrusions or insider threats.
UBA software can gather lots of data about user behavior from many different sources. These include system logs, the SIEM, and IDS/IPS. With these tools and data, IT security can get a heads-up about questionable user behavior that may indicate a security risk.
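A minimal version of the behavior-baselining idea behind UBA, as an added example that is not from the original article, and which also illustrates the kind of centralized logon records the SIEM section describes: each user’s usual hosts and logon hours are learned from past records, and new activity that deviates is flagged with the reason. The logon records are constructed sample data in the shape a SIEM export might take (user, source host, logon time); no real logs are read.

```powershell
# Added example, not the article's own code. The records below are constructed
# sample data standing in for a SIEM export of successful logons.
$history = @(
    [pscustomobject]@{ User='alice'; Host='WS-ALICE'; Time=[datetime]'2024-03-04 08:55' }
    [pscustomobject]@{ User='alice'; Host='WS-ALICE'; Time=[datetime]'2024-03-05 09:10' }
    [pscustomobject]@{ User='alice'; Host='WS-ALICE'; Time=[datetime]'2024-03-06 08:40' }
    [pscustomobject]@{ User='bob';   Host='WS-BOB';   Time=[datetime]'2024-03-04 13:05' }
    [pscustomobject]@{ User='bob';   Host='HR-DB01';  Time=[datetime]'2024-03-05 14:20' }
    [pscustomobject]@{ User='bob';   Host='WS-BOB';   Time=[datetime]'2024-03-06 12:50' }
)
$today = @(
    [pscustomobject]@{ User='alice'; Host='WS-ALICE'; Time=[datetime]'2024-03-07 09:02' }
    [pscustomobject]@{ User='alice'; Host='HR-DB01';  Time=[datetime]'2024-03-07 02:17' }
    [pscustomobject]@{ User='bob';   Host='WS-BOB';   Time=[datetime]'2024-03-07 13:30' }
)

# Per-user baseline: the set of hosts seen and the observed hour range, widened by
# one hour on each side so a slightly early or late start does not raise an alert.
$baseline = @{}
foreach ($group in $history | Group-Object User) {
    $hours = $group.Group | ForEach-Object { $_.Time.Hour }
    $baseline[$group.Name] = @{
        Hosts   = $group.Group.Host | Sort-Object -Unique
        MinHour = ($hours | Measure-Object -Minimum).Minimum - 1
        MaxHour = ($hours | Measure-Object -Maximum).Maximum + 1
    }
}

# Compare each new event with its owner's baseline; every deviation becomes a reason.
function Get-Anomalies($events, $baseline) {
    foreach ($e in $events) {
        $b = $baseline[$e.User]
        $reasons = @()
        if (-not $b) { $reasons += 'user has no baseline' }
        else {
            if ($b.Hosts -notcontains $e.Host) { $reasons += "new host $($e.Host)" }
            if ($e.Time.Hour -lt $b.MinHour -or $e.Time.Hour -gt $b.MaxHour) {
                $reasons += "logon at $($e.Time.ToString('HH:mm')) outside usual hours"
            }
        }
        if ($reasons) {
            [pscustomobject]@{ User=$e.User; Host=$e.Host; Time=$e.Time; Reasons=($reasons -join '; ') }
        }
    }
}
Get-Anomalies $today $baseline | Format-Table -AutoSize
```

In a real deployment the baseline would be rebuilt from weeks of SIEM data rather than three days, and the flagged rows would feed an analyst queue rather than the console.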
Conclusion
Security for your corporate network is always a crucial issue, so you must implement strategies to protect it. With the strategies listed here, you can go far in keeping your data safe and your network working properly.