Executive Summary
As the end of the year fast approaches, we wanted to share a little refresher on ways to ensure your technology and data remains as safe as possible over the festive period and well into 2022. To stay in the spirit of the season, we’ve opted to share our top security tips in the style of a 12 Days of Cyber Christmas list!
Day 1: Ensure the Principle of Least Privilege
If you manage the security of your organisation’s IT infrastructure, it’s likely you also manage a domain with plenty of users - each requiring a unique set of permissions. It can be a lot to juggle! To stay secure, we recommend you double check accounts on the domain only have access to the devices and resources that they need to access. Doing so could stop malicious actors in their tracks. And, if an account is compromised, you’ll suffer far less collateral damage due to the limited access to lateral movement.
Day 2: Backups
This might be news to some, but hackers don’t always want to steal your data. They might want to remove or destroy it instead. Therefore, it is always good to create backups of your critical data should a disaster strike. Having multiple copies of your data, both online and offline, whilst keeping it backed up and protected could help your organisation should it need to recover from a worst-case scenario.
Day 3: Encrypt Your Data
Whilst your cyber security solutions should prevent your data from being stolen in the first place, in the unfortunate event that it does end up in the hands of a malicious actor, the best way to ensure its continued security is through encryption. Luckily, there are many solutions for encrypting data, such as archiving a file and adding an encrypted password or opting for a full-disk encryption solution. No matter what method you choose, encryption will make it much harder for malicious actors to gain access to your data and will help you work towards better cyberculture.
Day 4: Manage Your Digital Footprint
We’ve all made mistakes online, such as sharing an embarrassing photo on social media or posting some content with a spelling mistake. When was the last time you searched your name or investigated your digital footprint? Many will say a very long time ago, or never! Looking at your digital footprint and removing anything you come across that you wouldn’t like others to see should give you some peace of mind, save you from embarrassment and remove any potential ammunition a malicious actor could use against you.
Day 5: Vulnerability Scans
In 2020, over 18,000 vulnerabilities were recorded on the National Vulnerability Database, a figure that has only continued to grow over the last year. Unpatched vulnerabilities can provide malicious actors with an easy door for entry into your systems and information. Implementing a solution that regularly scans for vulnerabilities and shares alerts on necessary patch updates will protect you from malicious actors that lurk in the shadows waiting to pounce on any given vulnerability.
Day 6: Patch Management
But, how do you ensure that the correct updates and patches are completed on time? In comes patch management. With the right solution, worrying about patching your systems can be a thing of the past. There are plenty of patch management solutions out on the market at the moment, from the big heavy hitters like ManageEngine and Avast. Though, regardless of which provider you choose, having a solution for patch management is sure to mitigate one attack vector at a time giving you peace of mind.
Day 7: Enable 2-FA (Two Factor Authentication)
This past year we’ve seen 2-FA here, there and everywhere - and with good reason. Using 2-FA provides more control over who gets access to your accounts as it provides another layer of protection on top of passwords and/or a passphrase. 2-FA can come in multiple forms, though the most common type is requesting and receiving a one-time code via text or authenticator app that’s valid for a limited time only. Whilst we have to acknowledge that 2-FA is not bulletproof and some methods are better than others, having 2-FA puts you in a much better position than you would be without it, which is why it’s one of our top security recommendations.
Day 8: Check Your Password
On the topic of passwords and passphrases, have you considered how strong yours are? As computers become more technologically advanced, brute force attacks become more favoured by malicious actors since they’re easier to carry out. The less complex your password or passphrase, the more likely you could be compromised. At CSA, we recommend you use a strong password or passphrase in combination with the advice in our next tip to help decrease the chance of being compromised via brute force.
Day 9: Password Management Tools
There are many password management tools out there, but what do they actually do? Secured with a master password, these tools allow users to generate and store passwords and/or passphrases ready for when needed. Before you start thinking password management tools sound counter-intuitive, research has shown that memorising multiple strong passwords can be difficult, and as a result, users will tend to opt for weaker and weaker passwords as time goes on. However, users will find themselves in a much stronger position if they need to only memorise one very strong password and can generate unrelated passwords from the management tool.
Day 10: Remain Aware of Current Threats
When it comes to cyber security, knowledge is power. Keeping tabs on malicious actor groups and how they think is a great way to protect yourself from them. If you can mitigate a common attack method used by a malicious group and understand how they operate and identify their indicators of compromise (IoC), then you’ll be better equipped to defend yourself than if you weren’t aware of the threats you could face. How do you keep up to date on the latest threats? Make sure to follow us on LinkedIn and Twitter for regular updates and keep an eye out for our regular Threat Reports that share further details on what you could face.
Day 11: Remain Vigilant About Phishing Methods
Whilst phishing methods do come under current threats, as mentioned in the tip above, protecting yourself against phishing scams is another kettle of fish that needs to be addressed separately. Why? Well, research shows that 94% of malware is sourced by email, with some of these attempts disguised as exclusive shopping discounts or deal scams over the festive period. Scammers take advantage of this being a more stressful time of the year than most, with people more likely to fall victim to a phishing attack. Once someone is compromised, it’s incredibly easy for malicious actors to steal personally identifiable information (PII) and other valuable information. Furthermore, attackers can gather emails and contact information, making these types of attacks quite dangerous, so it’s important to stay vigilant and aware of how scammers are currently operating. If you manage a mail server, implement a good spam filter to prevent the issue before it has a chance to land in your inbox.
Day 12: Active Monitoring
Whether internal, external or software-based, having active monitoring, if possible, is a priceless asset to have within your arsenal. A third eye to monitor events, alert you to any issues and inform you if your data is found on the internet as it happens is crucial if you want to react quickly and efficiently to any security breaches. With active monitoring, you can receive quick, detailed investigations into what’s going on behind the scenes with your data, or you can request active vulnerability scanning to provide you with more potential for your cyberculture.
If you would like to take action on any of these top tips, then you’re in luck! At CSA, we provide solutions to each of these issues, which you can learn more about on our services page or get in touch with one of the top experts to discuss what solutions will work best for you.
