In Cybersecurity Part I – The Threats, I discussed the rise in the number of cyberattacks being conducted and the types of threats organizations are facing. This article discusses a two-pronged approach that can be taken to mitigate the threat and develop resiliency to recover quickly from cyberattacks.
Step 1 – Conduct a Security Audit
To develop a plan to address your current IT security needs, you’ll need to understand where you are. Having an experienced IT services company perform a security audit is an essential first step. Security audits generally consist of vulnerability scans, password testing, penetration testing, and an examination of your strengths and weaknesses. The report should flag areas of concern and provide you with a plan to address any security problems that are found.
Step 2 – Protect the Gateway
Gateways are devices, like firewalls and routers, that stand between the internet and your network. All external network traffic passes through gateways, making them the first line of defense against cyberattacks. Implementing a next-generation firewall, like the Cisco ASA with FirePOWER Services, will add a security software suite that provides multiple layers of protection. IPS (Intrusion Prevention System), application-layer control software, malware protection, and URL filtering are all key components in a comprehensive gateway protection solution.
Step 3 – Protect Endpoints
Adding an anti-virus suite to endpoints, like PCs and laptops, is no longer adequate to completely protect against today’s multi-vector cyberattacks. While still important, centrally managed anti-virus and anti-malware software is only one piece of the puzzle.
Email security is another key component. Implementing cloud-based email security is vital whether you host your own mail servers or rely on a hosted email solution like Office 365. A comprehensive email security solution will offer anti-virus protection, phishing protection, spam filtering, zero-hour threat detection, and attachment defense. Hosted email solutions allow all of this to happen before emails enter your network.
Cloud-based breach protection software that works at the DNS layer, like Cisco Umbrella, adds another layer of endpoint protection. DNS protection works by preventing users from accessing web addresses that have been compromised to deliver malware or are being used for phishing scams. Protecting email before it enters the network, scanning endpoints for viruses and malware, and implementing DNS layer protection create a formidable wall that will make it difficult for cyberattacks on your network endpoints to succeed.
Step 4 – Train Users
End users are the last line of defense in thwarting phishing scams, malware infections, and data leaks. Creating a training program in-house, or outsourcing training to an experienced IT consulting company, is vital to helping employees recognize and deal with cybersecurity social engineering threats. Knowing what kind of behaviors allow cyberattacks to succeed will go a long way toward protecting your network.
Step 5 – Disaster Recovery/Business Continuity Planning
It’s important for your business operations to bounce back quickly in the event of a successful cyberattack, natural disaster, or catastrophic systems failure. Disaster recovery planning will help you determine what systems are the most vital and create a path to recover quickly. This is a multi-step process that will identify areas of improvement, create divisions of labor, and document the steps necessary to get your business back up and running.
Cyberattacks come from many directions and are constantly evolving. Experience has shown that these five steps -- conducting a security audit, protecting the gateway, protecting endpoints, training users and developing a disaster recovery plan -- will help thwart these attacks and allow a business to recover quickly and successfully.