7 Key Business Cybersecurity Protection Tips
As companies rely more and more on technology to operate, it becomes increasingly important for employers of all sizes to be aware of the business security risks. Ensuring company data, devices, and records are secure is a top priority for every organization—no matter its size.
But how exactly can you keep your digital assets safe?
Here we outline seven best practices for business cybersecurity. These security tips will not only keep malicious actors at bay but will also empower your workforce with the policies and procedures they need to feel confident in their day-to-day tasks.
Check out the previous blog posts in our cybersecurity best practices series, highlighting both personal security and employee security, to help you stay safe.
1. Training
Necessary business cybersecurity best practice for your everyday employees
Sure, understanding the fundamentals of cybersecurity may come naturally to some. But employees still need proper training on how to handle potential infractions in a professional manner.
Unfortunately, many corporate programs leave much to be desired; staff often see them as nothing more than an unnecessary inconvenience. So when it comes time for security drills and preparation sessions, don’t just settle for online courses or tests: give your team realistic scenarios that mirror the situations they are actually likely to face.
Security requires more than just checking a box–understanding, applying and enacting best practices are key. To make this happen in an effective way, people need to connect training material with tangible experiences they can recognize. Theoretically studying 40 pages of information followed by a quiz is not enough; organizations must engage their employees on another level that brings security threats into focus for them as real risks.
A useful, real world analogy
Ensuring security requires vigilance: an oven left unchecked can burn down a house. Challenge any unknowns. Ask who they are, why they’re there, and what credentials they possess. It might be the difference between protecting your organization and watching it burn down as threats turn into real attacks.
2. Policy
Necessary business cybersecurity best practice for your everyday employees
Business cybersecurity policies are the framework of a well-secured organization. These protocols range from straightforward steps such as barring social sites on corporate networks to more complex strategies, like disabling all removable media and WiFi links within facility grounds. With these protective measures in place, companies can be sure both their digital assets and personnel stay safe.
Policy is an indispensable tool for organizations to keep their employees accountable, as well as to protect against malicious external threats. It also has the added benefit of letting organizations stay agile and adaptable in a dynamic business environment, not only by providing convenient reminders about any signed terms or NDAs but by enabling them to tailor requirements to changing circumstances.
3. Antivirus
Necessary business cybersecurity best practice for your everyday employees
Antivirus is a must-have for any business security plan.
A top-notch product can effectively stop most malicious software that could damage your assets, whether coming from the Internet or email attachments. Investing in reliable antivirus protection will provide you with an extra layer of assurance and peace of mind.
Organizations across the globe have come to rely on advanced antivirus solutions, like Symantec Enterprise Protection and Trend Micro’s Enterprise security suites, to protect their networks from common malicious attachments and malware.
Enterprise grade antivirus/anti-malware products are typically a centrally managed security as a service (SaaS) solution. These solutions utilize policies and groups configured in a management console on a dedicated system to handle updates and malware alerting within the network.
4. Firewalls
Necessary business cybersecurity best practice for your everyday employees as well as some more sophisticated recommendations
Firewalls are the most common network security appliance in any organization. They’re often the most expensive as well. Not only is there the initial cost, but then you have the ongoing maintenance and configuration as the needs of the business shift. A common phrase heard throughout the InfoSec community after a compromise or breach, which has also become a bit of a joke about weak security practices, is: “But, we have a firewall!”
Unfortunately, many organizations simply purchase a firewall, perform the initial configuration, and leave it sitting in a rack somewhere, never to be touched again, leaving them incredibly vulnerable to new attacks.
The business cybersecurity necessity side of the argument:
The key to firewall success is to continually audit, update, and generally maintain the firewall setup to achieve the highest possible level of security. At the very least, and I’m talking bare minimum, an organization should revisit the firewall any time a change is made to the system, update it on a monthly basis, and audit it quarterly to coincide with compliance requirements, and so forth.
Used in conjunction with additional resources and strategies for securing information assets, firewalls can provide a layer of protection to deter most broad-spectrum attacks.
The advanced security level side of the argument:
This is based on the methodology by which the firewall is configured. The best way to configure a firewall, despite the increased overhead for administration and configuration hours, is to leverage the Deny All rule.
The Deny All rule comes standard in any firewall default configuration, and you can build upon it by whitelisting the services that are approved for your environment. Unfortunately, the common practice, not necessarily the best practice, is to put a firewall into play, start with the Allow All rule, and begin blocking the bad stuff. While this generally closes up holes in the environment over time, you’re still leaving your business open to vulnerabilities until someone on your security or IT team gets around to doing the actual configuration.
In the long run, building your firewall policies via whitelisting against a Deny All rule can be cumbersome for whoever is in charge of configuration and maintenance. However, it’s important to note that it allows for more flexibility and more straightforward configuration than the reverse approach of trying to block all of the bad stuff.
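To make the Deny All versus Allow All argument concrete, here is an added example (not Hurricane Labs code or any firewall vendor’s) of a tiny first-match packet filter. The rule sets, service ports and traffic samples are constructed for illustration; the point is that a service nobody got around to blocking is exposed under the blocklist strategy but not under the whitelist one.

```python
# Added example: first-match packet filter contrasting the two firewall strategies.
# All rules, ports and sample traffic below are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None matches any port

    def matches(self, proto: str, dport: int) -> bool:
        return self.proto in ("any", proto) and self.dport in (None, dport)


def evaluate(rules: List[Rule], default: str, proto: str, dport: int) -> str:
    """First matching rule wins; if nothing matches, the default policy applies."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action
    return default


# Strategy A: start from Allow All and block "the bad stuff" as it is noticed.
BLOCKLIST_RULES = [
    Rule("deny", "tcp", 23),    # telnet
    Rule("deny", "tcp", 445),   # SMB
]

# Strategy B: start from Deny All and whitelist only approved services.
WHITELIST_RULES = [
    Rule("allow", "tcp", 443),  # HTTPS
    Rule("allow", "tcp", 22),   # SSH for administrators
    Rule("allow", "udp", 53),   # DNS
]


def compare(proto: str, dport: int) -> Tuple[str, str]:
    """Return (allow-all+blocklist verdict, deny-all+whitelist verdict) for one inbound packet."""
    return (evaluate(BLOCKLIST_RULES, "allow", proto, dport),
            evaluate(WHITELIST_RULES, "deny", proto, dport))


if __name__ == "__main__":
    # tcp/3306 stands for a database that was left listening and never blocked.
    for proto, port in [("tcp", 443), ("tcp", 445), ("tcp", 3306), ("udp", 161)]:
        blocklist, whitelist = compare(proto, port)
        print(f"{proto}/{port}: allow-all+blocklist={blocklist}, deny-all+whitelist={whitelist}")
```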
5. Physical / Facilities Security
Necessary business cybersecurity best practice for your everyday employees as well as some more sophisticated recommendations
With regard to physical and facilities security in an organization, the infosec community could literally write a book on the topic (and has). Two examples that come to mind are The Complete Guide to Physical Security by Paul Baker and Daniel Benny and The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick. Everything from the front door lock, through how you authenticate for authorized access to a server room, is included in this topic.
I aim to cover some of the basic best practices in the industry. Keep in mind that just like other areas of information security, there’s no one-size-fits-all solution or methodology for every business environment.
Employee Awareness
Businesses must ensure their physical security is as strong as possible by educating employees on how to spot suspicious activity and handle sensitive requests. A knowledgeable workforce can be the difference between keeping operations secure or becoming vulnerable at any moment.
Social Engineering
Businesses are constantly vulnerable to a physical attack, and social engineering is one of the most common ways bad actors gain access. We touched on social engineering in the second part of this series. Whether it’s pretending they’re an official contractor or simply requesting entry into sensitive areas, perpetrators can easily get in. Once in, they exploit vulnerabilities and plant tools of destruction like keyloggers and various tools used to exfiltrate data or create a way for them to get into the environment through a backdoor from the outside.
Social engineering is such a common tactic amongst intruders that the information security industry has created an entire sector solely devoted to physical penetration tests. These rigorous exams have the objective of finding out: how far can the intruder get before being detected? How deep into sensitive areas can the intruder probe without raising suspicions about their identity or objectives?
Physical Security Components
Physical security has three basic components: access control, surveillance, and testing.
- Access control, like in network security, revolves around limiting who can get in without proper authorization and authentication methods.
- Surveillance involves watching the facility and monitoring for suspicious activity.
- Testing involves periodic auditing and testing of all access controls, surveillance methodologies, and processes in place. These audits ensure that processes within the organization are functioning and determine whether they need any improvements.
Access Control
Securing a facility is far more complex than it appears. Savvy project managers must factor in various elements when establishing access control to ensure their site’s protection, an endeavor that requires planning and patience.
It is important that the access control aspect of physical security remains adequately tuned for an ever-evolving company environment, so all necessary mechanisms are tightly controlled yet still accessible when needed. As with many information security components, physical security is not a “set it and forget it” situation. It is always going to be changing with the needs of the organization.
Surveillance
Facility surveillance is a crucial component of any security plan. Cameras and other recording devices monitor visitors entering and leaving critical locations, like server rooms that contain sensitive equipment or data. While this technology helps create an additional layer of protection for your facility, it’s not foolproof, so you must also back up the system with appropriate policies and procedures in order to truly ensure its effectiveness.
Testing
Finding and patching any flaws in security systems is an essential part of keeping facilities safe. Testing must be carried out from both inside and outside the organization to ensure all possible scenarios are accounted for; only then can you rest assured that your security implementations are doing their job.
6. IDS/IPS & Anomaly Detection
Advanced business cybersecurity best practice
Bolstering an organization’s security, intrusion detection and prevention systems (IDS/IPS) play a vital role in guarding against external threats.
Through the use of rules that look for matching parameters in packet data, an IDS/IPS can literally stop an attack in its tracks. Acting as gatekeepers of your network infrastructure and relentless sentinels on the lookout for suspicious activity, these powerful tools can detect malicious traffic at its source—before it has a chance to reach firewalls or other protected areas.
In the event that malicious traffic passes through the IDS/IPS systems, in theory, a properly configured firewall can stop it before it enters the network. These systems also create log data for analysis and further tuning of the environment’s protection measures.
When it comes to IDS/IPS solutions, there’s a large selection of choices. Open-source solutions like Snort, Zeek (previously Bro), and Suricata are available, while companies such as FireEye, CheckPoint, and McAfee offer proprietary alternatives, giving you the freedom to choose what’s best for your environment.
Implementing these devices into your environment is not the easiest task. These tools take a lot of patience, configuration, know-how, and tuning by your security and IT teams to operate in an efficient manner. However, once set up properly, they are important as a part of your well-rounded, stable, heightened-security environment.
7. SIEM / SOC Use
Advanced business cybersecurity best practice
SIEMs provide a powerful platform for security teams to get an in-depth look at their network.
These tools bring together Security Information and Event Management, giving organizations additional capabilities such as data aggregation and correlation, alerting mechanisms, dashboards for quicker access to real-time information on threats or anomalies, and long-term retention processes that provide forensic evidence if needed. Splunk Enterprise is one of the industry’s premier solutions for leveraging these powerful functions in your environment.
While SIEMs may be commonplace throughout the information security industry as a logging method and analytics tool, leveraging this technology isn’t always the easiest task. To take full advantage of a SIEM, it takes effort and knowledge to ensure you get the most out of your system.
SIEMs are not a set it and forget it solution
SIEMs are a powerful yet complex form of business security, requiring a deep understanding of how an organization works. A SIEM has the ability to keep tabs on what users can and cannot access, as well as to monitor overall network activity and how the implementations of other IT security tools are cooperating and interacting with the environment. With heavily refined sifting processes that cut right through all the chatter, SIEM solutions provide real-time data protection for organizations looking to stay ahead in today’s online world.
Additionally, most organizations want to leverage this machine data with a supplementary Security Operations Center (SOC).
An effective SOC must be supported by clear communication and transparency between IT personnel, allowing for the careful tuning of SIEMs to create accurate dashboards and reports that provide deep insight into any alerts triggered within an organization’s environment. By doing so, organizations can maximize their return on investment when it comes to cybersecurity.
To safeguard your organization, it is essential to establish clear expectations on alerting thresholds and security practices. Risk mitigation documentation must also be put in place; this way everyone involved can feel secure and confident that the necessary measures are being taken.
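The aggregation, correlation and alerting-threshold capabilities described in this section can be shown in miniature. The following is an added example (not Hurricane Labs or Splunk code) that correlates constructed SSH authentication log lines per source address inside a sliding window, fires a medium-severity alert when the documented failure threshold is crossed, and escalates to high severity if the same source later logs in successfully. The log format, addresses, threshold and window are all assumptions made for the example.

```python
# Added example: minimal SIEM-style correlation with an alerting threshold.
# Log lines, addresses (TEST-NET ranges), threshold and window are constructed.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Assumed, simplified sshd log format (not real sshd output).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample: a burst of failures from 203.0.113.7 followed by a success.
SAMPLE_LOG = """\
2024-01-10T09:00:01 sshd: Failed password for root from 203.0.113.7
2024-01-10T09:00:03 sshd: Failed password for admin from 203.0.113.7
2024-01-10T09:00:05 sshd: Accepted password for alice from 198.51.100.4
2024-01-10T09:00:06 sshd: Failed password for backup from 203.0.113.7
2024-01-10T09:00:09 sshd: Failed password for alice from 203.0.113.7
2024-01-10T09:00:12 sshd: Failed password for alice from 203.0.113.7
2024-01-10T09:00:20 sshd: Accepted password for alice from 203.0.113.7
2024-01-10T09:30:00 sshd: Failed password for bob from 198.51.100.4
"""


def correlate(log: str, threshold: int = 5,
              window: timedelta = timedelta(minutes=5)) -> List[Tuple[str, str, str]]:
    """Return (timestamp, severity, source) alerts. 'medium' marks a source that
    reached `threshold` failures inside `window`; 'high' marks a later success
    from a source that had already breached the threshold."""
    failures: Dict[str, deque] = defaultdict(deque)   # per-source failure timestamps
    breached = set()
    alerts: List[Tuple[str, str, str]] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # unparsed lines are skipped; a real pipeline would count them
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        q = failures[src]
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if m["result"] == "Failed":
            q.append(ts)
            if len(q) >= threshold and src not in breached:
                breached.add(src)
                alerts.append((m["ts"], "medium", src))
        elif src in breached:              # success after a breach: escalate
            alerts.append((m["ts"], "high", src))
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

Raising the threshold to 6 silences both alerts on this sample, which is exactly the kind of tuning decision the documented thresholds should settle before the SOC sees the dashboard.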
Conclusion
A key takeaway from this series: Security isn’t a set it and forget it scenario.
Each part of your business cybersecurity program must undergo regular reviews to align with business objectives and to keep up with the constantly evolving threat landscape. After implementing measures, don’t forget to test and optimize them for optimal protection. It’s also important to do so without sacrificing user experience too much; otherwise, if it gets to a point where it’s too cumbersome to use, no one will abide by it.
Save yourself time and stress.
Consider reaching out to an experienced managed security service provider like Hurricane Labs (we offer penetration testing too). Not only will an MSSP ensure your organization is compliant with safety standards, but also that it reaches a higher level of maturity in terms of business security protection.
About Hurricane Labs
Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.
For more information, visit www.hurricanelabs.com and follow us on Twitter @hurricanelabs.
