Cybercrime is up over 600% since the start of the COVID-19 pandemic. Cybersecurity has never been more important or more challenging. Today we’ll share the 3 step approach we recommend to effectively and affordably improve your information security:
- Email environment
- Network environment
- Workstation environment
Large organizations can afford entire security teams trained in the latest technologies to keep their digital infrastructure safe. But what can a small organization do to protect its data?
When faced with limited IT resources, there are still effective steps an organization can take to significantly improve its security footing. What follows is a fairly technical discussion about security techniques and protocols. Feel free to keep reading if you’re up to the task! But if you’d rather not get into the technical jargon, please contact us and we’ll be happy to talk with you about which of these ideas make sense for your particular organization.
1. Improve Your Information Security through Your Email Environment
In 2019, one study discovered that 94% of all malware was delivered via email, while 64% of organizations experienced phishing attacks. So what steps can your organization take to protect itself against email-based attacks?
The first step is to employ a few readily available techniques designed to increase the accuracy of email authentication. Put another way, these techniques decrease the ability of outside organizations to impersonate emails originating from your organization.
The second step is to take every effort to train your users on how to recognize email-based cyberattacks.
Employ Techniques to Increase Email Authentication Accuracy to Improve Information Security
You can implement the following email security techniques to improve your organization’s ability to verify the authenticity of an email. As a result, this will also remove a favorite technique hackers use to monitor traffic on a compromised machine:
- SPF (Sender Policy Framework) – An email authentication protocol designed to prevent email spammers from using a sender’s domain for their own fraudulent purposes.
- DKIM (DomainKeys Identified Mail) – An email authentication protocol that essentially allows a sender to apply a digital “signature” to outgoing emails that can be verified by the recipient’s mailbox provider through Domain Name System (DNS).
- DMARC (Domain-based Message Authentication, Reporting, and Conformance) – Verifies incoming emails against both SPF and DKIM policies, and then fires off a report of its findings to the sender’s domain.
- Forwarding Rules Policy – Disable the ability to forward emails to an out-of-domain address. A classic hacker technique is to implement such a rule once they have compromised an email account. Removing the ability to auto-forward to an out-of-domain address spoils the hacker’s ability to create a spoof attack.
Secure your Office 365 Mail Environment with Exchange Online
For users of Office 365 Exchange Online, a couple of inexpensive options exist to help secure your Office 365 mail environment:
- Microsoft Advanced Threat Protection (ATP), now called Microsoft Defender for Office 365 – This simple, inexpensive add-on to your existing Exchange Online email plan scans incoming emails for attached or embedded malware and malicious links. Office will quarantine malicious attachments and emails with malicious links. ATP protects you against malicious links and attachments.
- Data Loss Prevention (DLP) – A content analysis engine that scans outgoing emails and flags any that violate organizational DLP policies. Designed to prevent the unwitting sharing of personally identifiable information, sensitive intellectual property, sensitive financial information, etc. DLP protects you from unwittingly giving away confidential or embarrassing information.
To summarize, use technology to help secure your email environment by implementing SPF, DKIM, and DMARC. Consider removing the ability to auto-forward emails to an out-of-domain address. And if you are an O365 email user, consider adding on ATP and upgrading to a version of your license that offers DLP.
Provide Ongoing User Education to Improve Information Security
The second way to improve email security is to provide constant and ongoing user education against social engineering.
Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. In fact, about 33% of breaches include social engineering attacks.
The most common form of social engineering in the digital space is phishing. Phishing occurs when a malicious party sends a fraudulent email that appears to come from a source you trust. The intent of the message is to trick the recipient into installing malware on his or her device, or into sharing personal or financial information.
Protect Your Business from Social Engineering
Guarding against social engineering techniques involves training your staff to learn how to recognize phishing attacks and other types of email scams. For example, ask yourself the following:
- Do you recognize the sender’s email address?
- Is the content of the sender’s email consistent with the normal types of business or communications you conduct with this user?
- Is the spelling on the sending domain correct or are one or more letters off?
- Was the email sent during normal business hours?
- Is the subject line vague?
- Is the email asking you to click on a link?
These are but a few of the many types of questions you should ask when reviewing a suspicious email. If you are ever in doubt about the authenticity of something that just does not look right – pick up the phone and call the sender. Obtain verbal confirmation of the authenticity of the email.
Additionally, there are several products that help you create internal programs to train your staff to recognize phishing attacks or email scams. Consider employing tools like KnowBe4 or Microsoft Exchange Plan 2 to set up internal phishing education training programs.
2. Improve Your Information Security through Your Network Environment
Think of network security as your perimeter defense. And as with any good defense strategy, consider implementing layers of security. There are multiple methods and techniques you can employ to add layers of security to your network.
Outer Protection from a Firewall
First, you want rugged outer protection from a firewall. Your properly configured and patched firewall will manage network traffic, allow only authorized traffic in and out, and block access to non-authorized traffic.
Protect Internal Resources
Second, protect internal resources by segmenting your internal network and regulating access between each internal network.
Define each sub network according to usage traffic. For example, Finance, HR, Sales, and Engineering could all be on their own sub networks, with communication between each subnet only at explicitly defined interface points. This way, if one internal network were to be breached, access to other internal networks is hampered, limiting the extent of the breach.
Similarly, place web servers, application servers, database servers, and user workstations into separate network segments and regulate communication between them. Again, if a public-facing web server were to be compromised, its access to application servers is limited and access to workstations or database servers completely denied.
Limit exposure of your internal network to the outside internet and limit outside/visitor access to only what is needed.
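Segmentation limits a breach only as far as the rules between segments allow. The added example below (not from the original article) checks observed flows against a default-deny rule set and computes which segments are reachable, through intermediate hops, from a compromised one; the subnets, ports and rules are constructed, with segment names taken from the text.

```python
# Added example: default-deny segmentation policy and blast-radius check.
# Subnets, ports and rules are constructed for illustration.
import ipaddress
from collections import deque

SEGMENTS = {
    "web": ipaddress.ip_network("10.0.10.0/24"),
    "app": ipaddress.ip_network("10.0.20.0/24"),
    "db": ipaddress.ip_network("10.0.30.0/24"),
    "workstations": ipaddress.ip_network("10.0.40.0/24"),
}
# Explicit interface points: (source segment, destination segment, TCP port).
ALLOWED = {("web", "app", 8443), ("app", "db", 5432), ("workstations", "web", 443)}

def segment_of(ip):
    """Name of the segment containing ip, or None if it is in no defined segment."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SEGMENTS.items() if addr in net), None)

def violations(flows):
    """Observed (src_ip, dst_ip, port) flows that cross segments without a rule."""
    bad = []
    for src_ip, dst_ip, port in flows:
        src, dst = segment_of(src_ip), segment_of(dst_ip)
        if src is None or dst is None or (src != dst and (src, dst, port) not in ALLOWED):
            bad.append((src_ip, dst_ip, port))
    return bad

def reachable_from(segment):
    """Segments an intruder in `segment` can reach by chaining allowed flows."""
    seen, queue = set(), deque([segment])
    while queue:
        cur = queue.popleft()
        for src, dst, _port in ALLOWED:
            if src == cur and dst != segment and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen

if __name__ == "__main__":
    observed = [("10.0.10.5", "10.0.20.7", 8443),   # web -> app, allowed
                ("10.0.10.5", "10.0.30.9", 5432),   # web -> db, no rule
                ("10.0.10.5", "10.0.40.21", 445)]   # web -> workstations, no rule
    print("violations:", violations(observed))
    print("reachable from web:", sorted(reachable_from("web")))
```

Note that the database segment is still reachable from the web segment through the application tier even though the direct flow is denied, which is why the application servers need their own hardening and monitoring.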
Use a VPN & Secure Wireless Networks
With the rise in remote work arrangements, you can secure remote access by using a VPN. VPNs are used to authenticate communication between secure networks and endpoint devices. Use IPsec or SSL to ensure all communication is encrypted. By requiring all external access be via VPN, you eliminate all unauthorized access to your network.
And don’t forget to secure your Wireless networks! An open wireless network is an invitation for hackers to gain access to your organization’s network.
Implement Intrusion Detection Software to Improve Information Security
And finally, consider implementing intrusion detection/prevention software. Intrusion detection packages constantly scan and analyze network traffic/packets, so that different types of attacks can be identified and responded to quickly.
Layers of network security – firewall, segmented networks, VPN, secure wireless, and intrusion detection/protection. Each layer contributes toward the common purpose of maintaining a highly secure network.
3. Secure Your Endpoints
The final consideration in the three-step approach is endpoint security. Endpoint security systems protect desktops, laptops, and mobile devices on a network or in the cloud from cybersecurity threats.
Endpoint security evolved from traditional antivirus software to providing comprehensive protection from sophisticated malware and evolving zero-day threats. Today’s endpoint protection systems can quickly detect, analyze, block, and contain attacks in progress.
Use Anti-malware Tools
Anti-malware tools are a kind of network security software designed to identify dangerous programs and prevent them from spreading. Types of malware include viruses, trojans, worms, keyloggers, and spyware, all of which are designed to spread through computer systems and infect networks. Anti-malware and antivirus software may also be able to help resolve malware infections, minimizing the damage to the network.
Use Access Control
Beyond protection tools like anti-virus and anti-malware, consider the importance of Access Control. Within your organization and within your network, define and maintain strict access roles to manage access to sensitive data. This ensures that only properly authorized users access the data for which they are authorized.
Use Multi-factor Authentication
The most common and effective method to prevent password hacks is to implement multi-factor authentication (MFA). Implementing MFA will stop hackers from guessing a password and gaining access to an endpoint, and then the network. MFA requires the user to independently confirm it was really them logging into their machine, network, or VPN, usually by means of entering a code sent via text, or by using an authenticator app on their smartphone. Using MFA can prevent an estimated 99.9% of cyberattacks from compromising accounts.
Use Disk Encryption
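How an authenticator app and the server arrive at the same code: an added example, not from the original article, of time-based one-time passwords as specified in RFC 6238, with server-side verification that tolerates clock drift and rejects replayed codes. The key is the RFC's published test key; the function names and the one-step window are assumptions of this sketch.

```python
# Added example: TOTP (RFC 6238) generation and server-side verification.
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, at, step=30, digits=6):
    """Code for Unix time `at`; the counter is the number of elapsed steps."""
    return hotp(secret, int(at) // step, digits)

def verify(secret, submitted, at, window=1, last_counter=-1, step=30):
    """Return the matching counter, or None if the code is wrong or reused.

    `window` accepts codes from adjacent time steps to absorb clock drift.
    `last_counter` is the counter of the last accepted code for this user;
    storing it prevents a captured code from being replayed.
    """
    now = int(at) // step
    for counter in range(max(0, now - window), now + window + 1):
        # compare_digest avoids leaking the match position through timing
        if counter > last_counter and hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"                 # RFC 6238 test key, never use in production
    code = totp(key, 59)
    print("code at t=59:", code)
    accepted = verify(key, code, at=75)           # one step late, still inside the window
    print("accepted counter:", accepted)
    print("replay:", verify(key, code, at=75, last_counter=accepted))
```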
And finally, especially if you use a laptop and travel for your job, use disk encryption. An unencrypted disk from a stolen workstation or laptop can be removed and easily read from another computer. Encrypting your disks will secure the information on those disks, even if stolen and removed.
Be Proactive to Mitigate the Risk
When faced with the challenge of creating a secure computing environment, consider implementing many of the steps outlined here. Understand the various threats to your organization’s computing environment and the steps you can take to mitigate those threats. Apply security in layers. Secure your email environment and your network and your endpoints. Approach information security by implementing individual achievable steps – but individual steps that all work together toward the goal of providing your organization the very highest levels of information security.
Not sure where to begin? Contact Advanced Imaging Solutions for help taking your first step towards security.