Six Ways to Help Improve your Security Posture

August 10, 2017 | Payton Bush

A strong cybersecurity program is quickly becoming one of the most important investments a company can make. In the wake of numerous corporate breaches over the last few years, all users are on higher alert about the safety of their sensitive data. Whatever the size or maturity level of your security infrastructure, there are a few key steps that you can take to keep your data and organization safe.

1) Educate your employees

It’s an unfortunate truth that security isn’t really a tech problem - it’s a people problem. Even with the most advanced gadgets, uneducated staff can fall victim to some of the simplest and most common attacks. The best way to avoid this is to train your employees on security best practices. This could be any number of things, but some of the best to start with are:

  • Check to make sure that any website, popup, or email that you’re about to click on seems authentic. Misspelled URLs or garbled text are usually a dead giveaway that what you’re seeing isn’t legitimate.
  • Ensure passwords are different for corporate and private accounts.
  • If you’re unsure of something or see anything suspicious, report it!

2) Implement formal security policies

Implementing formal policies can be a pain, but it’s far easier to lay out rules than it is to try and respond to a breach. One of the more familiar policies is to require strong passwords with a combination of upper and lowercase letters, numbers, and symbols. If you want to go the extra mile (you do), set these passwords to expire every 60 to 90 days. You can also require Multi-Factor Authentication (MFA), which means you’ll need two devices to log in to accounts.

Also, don’t be afraid to hold your employees accountable and make sure that they understand their responsibilities in using both company-issued and personal devices for work purposes.

3) Practice your incident response plan

Even if your formal policies are effective, you should still practice your incident response plan. Luckily this isn’t the typical fire drill where everyone has to awkwardly shuffle out of the building – it just means simulating what might happen in the case of an attack. In the 2017 SANS Incident Response Survey, 58% of respondents indicated that they review and update IR processes at least periodically. This number is likely to increase as more resources are diverted to Incident Response teams. This is a worthwhile investment because a well-functioning IR team can mean the difference between remediation efforts after one day or one month, which ultimately protects your organization from damage.

4) Plan for a breach

An effective security strategy means planning for the worst possible outcome. It’s an unfortunate reality that most organizations are likely to be breached in some capacity. The likelihood of a cyber attack on any size business continues to increase as technology and hacking techniques advance, and without a response plan in place, your business is more likely to falter and mishandle a breach when – not if – one occurs.

Companies should be aware that, depending on their business, they are more likely to be the victim of either a targeted attack or an indiscriminate one. Identifying which type of attack is likelier for your organization can help you decide how to allocate your security resources and appropriately plan for inevitable attacks.

5) Invest in security software

The worst mistake an IT department can make regarding its cyber protection is not having any at all. A robust security solution is a must-have for any company, especially those that conduct most or all of their business online. There are also a number of free and open source solutions that can help to develop security programs, although these will not possess the more comprehensive functionalities of paid tools.

Free and/or Open Source

  • STAXX
  • Modern HoneyNet
  • SHODAN
  • VirusTotal
  • Malwr
  • IPVoid
  • Threatminer
  • DomainTools
  • CIF
  • CRITS
  • MISP
  • Yeti
  • Cuckoo

Enterprise Tools

  • ThreatStream
  • Anomali Enterprise

6) Keep your software up to date

Don’t delay in updating your system when your security software pings you that it’s about to expire or needs a patch. That little alert could be the difference between a functioning machine and a machine completely shut down by a malware strain like WannaCry or Petya. Hackers are constantly searching for security vulnerabilities, and letting those weaknesses go for too long can result in disastrous consequences.

Whether within the IT department or across a company, there’s always another step you can take to ensure your organization, data, and employees stay secure. Are there any steps that you think we’ve missed? If so, let us know in the Anomali Forum.
