Top 5 Cybersecurity Tips That Deliver “Quick Wins”
Cybersecurity can be daunting to say the least. As Donald Rumsfeld said, “We don’t know what we don’t know,” and that’s especially true with cybersecurity. However, there are some simple and effective safeguards that will pay dividends. Here is my list of the top 5 cybersecurity tips that provide “Quick Wins” for everyone – from end-users to IT administrators.
1. Updates, Updates, Updates!
This should be a no-brainer, so it’s no surprise that it’s Quick Win Number One! Applying updates and patches is critically important. Often these updates add fun new functions or features, but more importantly they include code changes designed to correct bugs and vulnerabilities. Of course, your computer’s operating system should be updated—we all know that—but so should any installed software applications and their dependencies. Routers, firewalls, switches, and printers should all be updated regularly too. But, in the Internet of Things (IoT) Age it doesn’t stop there. When is the last time you updated your cell phone, smart watch, smart TV, or that fancy new wi-fi connected instant pot?
Updating is not difficult and is similar to personal hygiene: it takes a little bit of time, but it’s necessary and, in the end, everyone benefits! Furthermore, many systems offer an option to enable automatic updates. This option may not be appropriate for IT administrators managing an enterprise environment, but it’s a great solution for individuals. If you only remember one of these top 5 cybersecurity tips – this is the crucial tip to remember.
2. Reduce the Attack Surface
As a penetration tester, I’m very familiar with explaining to folks that we cannot test what we cannot access. To that end, one of the most effective cybersecurity controls is reducing the attack surface. Attack surface reduction can be accomplished through a number of practices. These practices include disabling unnecessary services, applications, or accounts. They can also include removing legacy systems, network segmentation, Access Control Lists (ACLs), and even using Cloud Access Security Brokers (CASBs).
3. Strong Authentication Practices
Services that provide authentication are key targets for threat actors. I recently wrote a blog post on some of the different forms authentication attacks can take. The risk of credential compromise can be effectively reduced with strong passwords, sufficient account lockout policies, and through the use of Multi-Factor Authentication (MFA). We recommend that all passwords be at least 16 characters long, and each password should be unique, or never used for more than one service. This may sound cumbersome, but password managers make creating and managing long complex passwords very easy!
4. Principle of Least Privilege
According to Matt Bishop’s Computer Security: Art and Science, the Principle of Least Privilege states that “a subject should be given only those privileges needed for it to complete its task.” This is an easy concept to understand but can be difficult to implement if excessive permissions have been the norm. A great example of this is removing administrator privileges from users. Ninety-nine percent or more of a normal user’s activity does not require administrative privileges, and besides, most users cannot see the forest for the trees. The intent here is not to make a user’s experiences more difficult or inefficient, but to limit any unintended damages. If a user clicks a link in a phishing email, a payload may be executed on the user’s system. However, without administrative privileges, the payload may fail to execute.
The Principle of Least Privilege is even more relevant for IT administrators who may have to use two separate accounts, a standard account and another with elevated privileges for performing administrative functions. Administrative accounts should never be used for normal day-to-day activities like email or web browsing. Privileged groups, such as those in Active Directory or Office 365, should be reviewed periodically to ensure the accounts within those groups still require elevated privileges. Service accounts within Active Directory should also be reviewed as they are frequently assigned more privileges that are strictly necessary.
5. Endpoint Security Software
Now, for the last of my top 5 cybersecurity tips! Traditional antivirus software has been around since the 80s and was designed to prevent and remove known malicious software on hard disks. It was often out-of-date (see Quick Win Number One), misconfigured, or just plain ineffective. Endpoint security software has come a LONG way since then. Modern forms of antivirus software, or “next-gen antivirus,” can be highly effective and feature rich. Furthermore, antivirus software spurred a wave of innovation around the security of endpoint computer systems.
Endpoint security software suites of today still prevent and remove known malicious software (this is called “signature-based detection,”) but they do so much more than that! Although signature-based detection is still a standard function, heuristic-based detection is also common. In heuristic, or “behavior-based” detection, the software analyzes the code itself for malicious properties. These threat detection methods aren’t limited to hard disks anymore either. Other data sources can also be analyzed, including memory, web browsers and their associated data, as well as network data.
The features of each endpoint security software suite differ from vendor to vendor, but some of the higher value features to look for include firewall functionality (see Quick Win Number Two), extensive logging capabilities, threat alerting, application permit/block lists, Intrusion Prevention System (IPS) functionality that actively reacts to threats, and sandboxing.
Often these endpoint security software suites will integrate with other applications, including your mail client and web browser, providing another layer of protection. These integrations can facilitate functions such as link inspection, where the software sends any links to a separate system that analyzes them for possible threats, and sandbox or cloud detonation, where suspect files are executed in a contained environment. The results of this execution are then analyzed for any malicious properties.
I hope you found these top 5 cybersecurity tips helpful! If you need more cybersecurity consulting advice, technical testing, training or incident response services, contact our expert team.