Five organisational initiatives to race ahead of bad threat actors


Our networks and security need to be more dynamic than the threats we face, which are only set to rise in prominence and frequency in 2019. Businesses need to be able to deploy new software quickly and in any area they require. A completely new approach to security, one that architects security into IT systems from the start, is required if these ever more powerful breaches are to be contained, if not thwarted.

Easier said than done – but with advanced technologies and new capabilities, provided by cloud and mobile computing, this is now not only feasible but essential too.

Outdated systems, no matter how many layers of bubble wrap we blanket them in, are still outdated. It is time for organisations to make sure they are practising basic cyber hygiene and protecting their crown jewels – mission-critical business applications and data.

Adopting simple cyber hygiene practices can make a much more effective stand against cyber security incidents. Much like brushing your teeth in the morning, there are simple principles every organisation with an IT system needs to be aware of, and implement, on a day-to-day basis.

Here are five tips for securing a constantly evolving IT landscape. These are not new ideas, but sometimes they are forgotten, and protocols are not always updated to keep your cyber armour chink-free.

#1 Least privilege

Just because you trust everyone in your business does not mean that your receptionist needs the same access levels as your CEO. Give users the minimum necessary access and you leave your most valuable data exposed to far fewer breach points. You would not give a hotel guest a key for every room in the hotel.

#2 Micro segmentation

We do not use drawbridges and castle walls anymore for a reason. They give a false sense of security and encourage lax approaches to security within the walls. Once your attacker infiltrates your outer defence, the threat is inside and there is nowhere to hide. Breaking down your network into layers and self-contained areas keeps the entire system protected and ensures your access points are not left vulnerable to attack. Do not neglect your perimeter, but do not rely on this alone.

#3 Encryption

Think of encryption as the last weapon in your arsenal against hackers – except with cyber security it keeps you ahead of the game. If all else fails and your firewalls and access protocols are breached, encryption means that all the critical data you have stored is useless to them.

Like a Rubik's Cube, if you do not know how to decode it and put it back together, encrypted data is a difficult puzzle to crack. Basic cyber hygiene means encrypting your files and data before sharing. The same applies to encrypting network traffic wherever possible.

#4 Multi-factor authentication

From thumbprint ID to facial recognition, security is becoming personal. But even implementing basic two-factor authentication stops the first wave of breaches. And the more personal we get with authentication, the more secure our networks will be. After all, your thumbprint is much more difficult to steal than your PIN code!

#5 Patching

Systems require updates for a reason. Every time malware gets more advanced your service providers respond with system and software updates. Do not remain in the past. Upgrade and update to stay ahead of your attacker’s game.

Understanding these principles is one thing – but implementing them is critical. Everyone in your organisation should understand why cyber hygiene is critical, but more importantly, your IT managers and business decision makers need to understand how to implement these principles. Just like washing your hands, good cyber hygiene habits protect everyone.


Key takeaways

  • Just because you trust everyone in your business does not mean that the receptionist needs the same access as your CEO.
  • Once your attacker infiltrates your outer defence, the threat is inside and there is nowhere to hide.
  • Think of encryption as the last weapon in your arsenal against hackers – except with cyber security it keeps you ahead of the game.
  • The more personal we get with authentication the more secure our networks will be.
  • Your thumbprint is much more difficult to steal than your PIN code.
  • Every time malware gets more advanced your service providers respond with system and software updates.

In order to keep your business safe from security threat actors, it is better to be proactive rather than reactive to threats, writes Joe Baguley at VMware.