Multi-Factor Authentication
A username and password combination is no longer secure. Relying exclusively on simple username and password protection for Internet-facing portals such as Webmail, VPN, and Remote Desktop allows hackers to gain access via weak or stolen user passwords. Multi-factor authentication is a two-step verification process that adds an extra level of protection by requiring authorization via a mobile device.
Ransomware is a form of malware that encrypts all corporate files and blocks access to this data unless a ransom is paid. The recovery options are to restore from backup (and lose all changes made since the last backup) or to pay the ransom. Active protection against ransomware will minimize outbreaks and reduce or eliminate damage.
Exploitable vulnerabilities in firmware, configurations, and software are a common occurrence in today’s technology. These vulnerabilities can make any firm a target of both internal and external cyber-attacks. Scheduled automated vulnerability scans will verify the security of all servers, network devices, workstations, and laptops on the corporate network. The scans are run on a quarterly basis to check devices for any known exploits and report identified potential risks. Once identified, these risks can be addressed.
All network devices and servers generate diagnostic and informational logs for all events that occur. These logs are generally hard to review because they exist in several locations on several different platform types. With log aggregation, a centralized device captures all logs generated by accepted systems and places them into a single container, which can then be used to automate alerts based on specific events. This process allows for a faster response when the first signs of trouble begin to appear.
To increase employee awareness of cyber security threats and social engineering attacks, management must provide training to users. Security training provides the necessary tools to ensure compliance with policies and procedures, as well as the knowledge to mitigate cyber threats.
Active Directory Monitoring
Active Directory administrator accounts should be kept to a bare minimum. With active domain monitoring, alerts will be generated any time an account is granted administrative privilege, whether intentional or malicious.
Hard Drive Encryption
Remote computing has many advantages; however, it puts data at risk if a laptop is lost or stolen. Even with a password-protected device, laptop hard drives can have their data read and stolen with little effort. By utilizing hard disk encryption, all data on a laptop hard drive is protected from extraction by an unwanted party.
91% of successful data breaches start with a spear phishing attack. The best defense against these attacks is to raise employee awareness and improve their security behavior. “Disguised” phishing emails are sent to all users on a quarterly basis, and the results feed a report outlining which users are most susceptible to attacks.
Over 14.7 billion data records have been lost or stolen since 2013 due to data breaches. This data includes account passwords and logon information. Actively monitoring these large data breaches will identify which employee accounts have been leaked and require immediate attention.
Password Testing (hash cracking)
Weak passwords are easily compromised via brute force and dictionary attacks. Periodic hash testing against all accounts will expose weak passwords and produce reports on which passwords should be changed immediately.