We asked industry experts: ‘How can technology leaders ensure the work practices of their colleagues do not put their company’s cybersecurity at risk?’ Here’s what Charles Burger, Global Director of Assureon Solutions at Nexsan, a StorCentric Company, had to say.
Whether it is your data or employees – what has become crystal clear is that today, your organization’s two greatest assets no longer reside safely within your four walls. And, while honest mistakes can put your company’s cybersecurity at risk, malicious behavior from bad actors is more commonly to blame. So how do you as a security leader protect against both?
To start, consistently train and educate your workforce. Teach users to adopt a virtually zero trust attitude. For instance, users should not visit unapproved websites, nor click on links or open files inside unexpected emails – even from those they know and trust. This is a common trick used by malicious actors to gain access to confidential data or the company network, as well as introduce a virus, ransomware or other malware.
Then, make sure that users – and especially administrators – run in the least privileged mode possible, while still being able to maintain reasonable productivity. Of course, this is not foolproof as malware has proven very adept at escalating to root or admin privilege levels.
Next, you should regularly patch and update the management tools on all networked devices, local and remote, including switches, servers and BYODs. New malware exploits are now published within days of patches being available, so, unfortunately, the window of relative safety is getting shorter and shorter.
Of course, you must enable firewalls and deploy all the latest patches as soon as they are available and as quickly as you/your team are able. Note that some of the newest firewalls can help block traffic from known ransomware, though the jury is still out on their real-world effectiveness.
And, last but not least, disable Remote Desktop Protocol (RDP) unless used in carefully controlled maintenance procedures. Of course, that’s not really last – there are countless more strategies and technologies designed to protect an organization’s cybersecurity.
Unfortunately, the truth is that even with the most advanced and sophisticated policies and technologies in place, many organizations will still fall prey to accidents and/or malicious attacks. The key is to not depend solely upon prevention, but rather also ensure your organization can recover. To do so, your last line of defense must be continuously updated and ready to go – that is an immutable copy that can’t be altered and is replicated to a secure remote location. The remote location should be known only by a select few. And, the remote data in that location should be aggressively locked down using a hardened storage solution that has been engineered with the understanding that attempts at corruption or deletion can come from anyone, anywhere and at any time.
With this one-two punch, you can rest easier knowing that the work practices of your colleagues, as well as the efforts of external bad actors, will not put the company’s cybersecurity at unrecoverable risk.