Oct 28th, 2019

Cybersecurity Awareness Month – 6 Approaches for better Security

#CybersecurityAwarenessMonth

#CybersecurityAwarenessMonthIdeas

#ApproachesforBetterSecurity

Cybersecurity illustration by PurpleBox

 

As we are getting to the end of October, aka National Cybersecurity Awareness Month, let’s make sure we do not forget about Cybersecurity on November 1st and go back to business as usual. Technology has become an integral part of our lives, both personal and professional, and to protect ourselves and our businesses, we have to become Cybersecurity Aware and make smart decisions as we use technology.

The good news is, we have a better understanding of cyber threats and better tools to defend against them. Companies small and large can protect themselves by applying the following approaches:

1– Adopt Email Security Best Practices

The importance of email-based attacks is undeniable. Implementing email security best practices will help you eliminate the majority of the attacks.

  • Implement email filtering as the first line of defense to block malicious and suspicious emails even before they reach the users’ mailboxes.
  • Implement secure email using advanced protocols such as DMARC, SPF, and DKIM configurations.

2– Secure Your End-Points

Raise your hand if you did not hear the “M&M Security Model”; hard on the outside and soft on the inside. But in today’s cloud-enabled, hyper-connected environment, a new security paradigm is needed. The Zero-Trust Security model means that each and every computing device, server, network, or application is secure. At the end of the day, your users are not only accessing your systems when they are in the office. They may be connecting from their home office, the Starbucks around the corner, or from the hotel network in a foreign country. Securing your end-points requires a consistent and ongoing effort.

  • Workstations, servers, mobile devices, and applications adhere to secure configuration standards,
  • All operating systems and applications are regularly patched to the latest version to avoid known vulnerabilities,
  • All servers, networks, workstations, and mobile devices are regularly scanned for vulnerabilities and monitored for malicious activity, and
  • All systems have a strong anti-virus, anti-malware, and end-point detection and protection technology solution,
  • All system access (network, application, device, API, etc.) is controlled via secure authentication and authorization mechanisms.

3– Protect Your Account Credentials

Your account credentials are the keys to the kingdom, make sure you protect them. Implement a strong password policy for your systems.

  • Use a unique and long password for all critical systems. Consider adopting a passphrase instead of a password.
  • Do not use the same password for multiple sites.
  • Make sure multi-factor authentication (MFA) is enforced for critical systems.
  • Implement an Enterprise Single-Sign-On (SSO) solution.
  • Use a Password Manager to create and securely store strong and unique passwords for each application/site.

4– Conduct Regular Cybersecurity Awareness Training

Cybersecurity awareness and training solutions supplement the technical controls by arming your users with the knowledge to identify threats and take the correct course of action. Training programs should include eLearning modules, assessments, workshops, gamification, promotions, and simulated phishing attacks. Use your Cybersecurity awareness training program to train users so that the security team is extended to the rest of the organization, instead of being solely the CISO’s responsibility. Technology alone cannot fully protect you; users are your best, first and last line of defense.

5– Monitor Your Environment

Even the best cybersecurity defense programs cannot protect you 100%. In case some incident still happens, make sure you have logging, monitoring and incident response as an integral part of your cybersecurity program. Monitoring should include not only network traffic, but also server, application, user behavior, and access logs. Security monitoring should also include monitoring external threat intelligence sources and correlating with internal log sources. Explore and adopt new approaches that use big-data analytics and artificial intelligence to eliminate the noise/false positives and provide valuable and actionable insights.

6– Test Your Defenses

Cybersecurity is a process and not a one-time project. Security teams need to be vigilant and constantly on the lookout. Continuously testing your cyber defenses is critical.

  • Scanning of networks, servers, endpoints, and applications for known vulnerabilities,
  • Penetration Testing, Ethical Hacking and Red Teaming exercises,
  • Risk assessments,
  • Auditing your policies, processes, and controls for compliance with standards and regulations.

We hope you find these approaches useful and take Cybersecurity Awareness Month as an opportunity to process a security check for your business.

If you liked this post, share it now!

Our Recent Posts

How to Secure Your Docker Containers: Tips and Challenges

Discover Docker technology, learn about Docker security best practices and Docker vulnerability...

Read More

Ultimate Guide to Securely Deploy Django at Scale on AWS ECS [Part 3]

Learn how to securely deploy a dockerized Django application to AWS Elastic Container Service w...

Read More

Ultimate Guide to Securely Deploy Django at Scale on AWS ECS [Part 2]

Learn how to securely deploy a dockerized Django application to AWS Elastic Container Service w...

Read More