Senior Technical Support Engineer
NNT - New Net Technologies
As of late, cybersecurity has come to the forefront of the I.T. Industry, and is one of the key functions of any organization. This article will discuss 5 key processes and potential controls you should implement in order to maximize the effectiveness of your cybersecurity efforts, leading to an all-around secure environment.
For many organizations, the first step to improving the effectiveness of their cybersecurity efforts is educating employees on cybersecurity best practices. This is important, because regardless of the measures put in place by security teams to aide in maintaining system security, they will end up being ineffective if the employees of the organization circumvent them and introduce risks into the organization. When educating employees, there are several factors that will come into play, but here are some of the more critical aspects:
- Strong Password Selection – Introduce strict password policies, and discuss with staff on how best they can manage their passwords using a password manager. Make sure they are utilizing strong passwords and not commonly guessed words or phrases as part of their passwords.
- Email Management & Attachments – Train employees on the key aspects of email they should be looking for. Make sure they understand which emails should be opened and responded to, and which could potentially be harmful and contain malicious attachments such as PDF’s containing cryptographic malware.
- Internet Utilization & Software Installation – Make sure that employees are not installing unauthorized software onto the systems. These software packages may act as normal software, but may contain Trojan Horse Viruses which can lead to data leaks and potentially harm the network as a whole. Train employees to recognize when a website is safe and key things to look out for when browsing the web in order to prevent download of potentially harmful files.
- Phishing & Social Engineering Education – Train employees to be vigilant and how to spot potential phishing attacks and social engineering efforts that may arise in a variety of ways. This can include emails, phone calls, text messages, fake websites, etc.
One of the key critical controls to a secure environment is implementing some sort of a plan for system testing. Having an environment that is an exact replica of the production environment can go a long way when testing the implementation of potential system patches, software installations, system hardening efforts, and vulnerability assessment, remediation, and management.
It is also critical that systems are hardened and configured securely to limit potential flaws out of the box that could lead to future exploits. By hardening systems, you are therefore reducing the attack surface of the systems and eliminating potential attack routes.
Vulnerability scanning is a critical control that can be implemented in order for an organization to manage the potential vulnerabilities in their environment which can be exploited. Having a process for vulnerability management in place can lead to a successful cybersecurity deployment. In addition to this, once vulnerabilities are discovered, a plan should be put in place to remediate the vulnerabilities.
Managing when changes will happen, how they will happen, who will implement the change, and what systems the change will be occurring on is a key factor to ensuring your cybersecurity efforts are being as effective as possible. Whether change management is done on a large ITSM platform such as ServiceNow, or on a simple excel spreadsheet is irrelevant when it comes to an environment that has yet to implement the security measure. This is a critical measure that should be implemented and is a must. Start small, and build your way up to a proper ITSM platform for the future if needed. Finally, if you already have a change management platform, and are trying to take your change management capabilities to the next level, having that change management platform integrate with a File Integrity Monitoring system such as our Change Tracker application would put the spotlight on any potentially harmful changes that arise outside of a scheduled change window, as well as give you the capabilities to validate that the changes that did occur during the change window are indeed the intended changes. Visit our ITSM integration page to learn more.
Having a process in place for managing unexpected change is just as critical as having a change management process in general. While designing your change management process, one must ensure that they know what to do when a change that was not intended is spotted. An organization should be able to determine more information about the change by asking the following questions:
- Is the unexpected change safe? If it was not safe, was there a potential breach? Was any data compromised?
- Who implemented the change and on what system was it implemented?
- Should we take action to undo the change, or is the change required?
- Was the change a break in process? If so, why wasn’t the process followed?
- How can we prevent this from occurring in the future
Finally, an organization will want to have a process in place for any change activity that is undefined. This change activity occurs outside of patch windows, is generally safe, and is not something the user has intended to change. This can occur from things like automatic updating software definitions, operating system files gradually changing over time, as well as custom application files changing over time. Having a process in place that allows the change review board to follow up on these changes is critical. When following up on undefined activity, it is important to determine the following:
- How will this information be handled?
- Will the information be sent to a service desk and raised as an incident?
- Is the change that has occurred something that will be reoccurring often?
- Does the organization really need visibility of the change, or is it just noise?
- If the change occurred from an automatic update, does the automatic update need to be turned on?
- Are updates for this application scheduled via the Change Management platform? If not, why is this the case? Is it possible to turn of the automatic update process and manually run the updates during a change window?
Although there are many other security controls and processes that can be implemented to ensure a secure environment and a robust security program, these are some of the key fundamental practices that should help your organization in order to lay down the ground work for future security investments and help you grow into a more secure environment in the days to come.