Cyber incidents including data breaches, ransomware attacks and social engineering scams have become increasingly prevalent. Cyberattacks impact organizations of all sizes in various industries. These incidents have largely been brought on by the continued and growing attackers’ sophistication.
As these incidents continue to rise, in both cost and frequency, it is crucial for organizations to take steps to address their exposures and bolster their digital security defenses. To help protect against cyberattacks, here are 10 essential cyber security controls that organizations can implement to help manage their exposures.
1. Multifactor Authentication (MFA)
While complex passwords can help deter cybercriminals, they can still be cracked. To help prevent cybercriminals from gaining access to employee accounts and using this access to launch potential attacks, MFA is key. This layered approach requires a user to present a combination of two or more credentials to verify their identity for login and helps secure a system’s data applications. A great resource is using Duo multifactor authentication. It’s an easy, efficient way to secure your data by letting the website know it’s really you who is logging in.
MFA is now a fundamental requirement for most Cyber insurance coverage, as it creates an additional hurdle to login, which means cybercriminals won’t be able to easily unlock accounts, even if they have employees’ passwords in hand. Organizations should consider enabling MFA for remote access to their networks, the administrative functions within their network and any enterprise- level cloud applications.
2. Patch Management
Patches modify operating systems and software to enhance security, fix bugs and improve performance. They are created by vendors and address key vulnerabilities cybercriminals may target. Patch management refers to the process of acquiring and applying software updates to a variety of endpoints. The patch-management process can be carried out by organizations’ IT departments, automated patch management tools or a combination of both. Steps in the patch-management process include:
- Identifying IT assets and their locations
- Assessing critical systems and vulnerabilities
- Testing and applying patches
- Tracking progress
- Maintaining records of such progress
- Organizations should establish patch management plans that include frameworks for prioritizing, testing and deploying software updates.
3. Endpoint Detection and Response
Endpoint detection and response solutions continuously monitor security-related threat information to detect and respond to ransomware and other kinds of malware including:
- Incident data search and investigation triage
- Suspicious activity validation
- Threat hunting
- Malicious activity detection
These solutions work by constantly analyzing events from endpoints to identify suspicious activity providing continuous and comprehensive visibility into what is happening in real time by recording activities and events taking place on all endpoints and workloads. Upon receiving alerts regarding possible threats, organizations and their IT departments can then uncover, investigate and remediate related issues.
4. Network Segmentation and Segregation
When organizations’ networks lack sufficient access restrictions and are closely interconnected, cybercriminals can easily hack into these networks and cause more widespread operational disruptions and damage. This is where network segmentation and segregation can help.
Network segmentation refers to dividing larger networks into smaller segments (also called subnetworks) using switches and routers. This gives organizations the ability to better monitor and control the flow of traffic between these subnetworks. Such segmentation may also boost network performance and help organizations localize technical issues and security threats. Both network segmentation and segregation allow organizations to limit the risk of cybercriminals gaining expansive access.
5. Secure Data Backups
One of the best ways for organizations to protect their sensitive information and data from cybercriminals is by conducting frequent and secure backups. Organizations should determine safe locations to store critical data, whether within cloud-based applications, on-site hard drives or external data centers. From there, organizations should establish concrete schedules for backing up this information and outline data recovery procedures to ensure swift restoration amid possible cyberattacks.
6. Incident Response Planning
Incident response plans can help organizations establish protocols for detecting and containing digital threats, remaining operational and mitigating losses in a timely manner. Successful incident response plans should outline:
- Potential attack scenarios
- Ways to identify signs of these scenarios
- Methods for maintaining or restoring key functions during these scenarios and the responsible individuals
- Using the resources that Cyber liability insurance often provides as a component of the coverage.
Review these plans routinely through various activities, such as penetration testing and tabletop exercises, to ensure effectiveness and identify ongoing security gaps. Based on the results of these activities, organizations should adjust their response plans when necessary. Cyber insurers also assist with this scrutiny, another valuable element of Cyber coverage.
7. End-of-Life Software Management
At some point, all software will reach the end of its life. Manufacturers will no longer develop or service these products, no longer produce upgrades, deal with bugfixes or security improvements, or will discontinue technical support. As a result, end-of-life software will have vulnerabilities that cybercriminals can easily exploit.
Continuing to use end-of-life software comes with many risks, including:
- Heightened cybersecurity exposures
- Technology incompatibilities
- Reduced system performance levels
- Elevated operating costs
- Additional data compliance concerns.
It’s clear that proactive end-of-life software management is necessary to prevent unwelcome surprises and maintain organizational cybersecurity. that includes planning for replacements as needed.
8. Remote Desk Protocols (RDP)
Remote desk protocols are network communications protocols developed by Microsoft which consists of a digital interface that allows users to connect remotely to other servers or devices. These protocols users can easily access and operate these servers or devices from any location. Remote desk protocols have become an increasingly useful business tool. While they permit employees from retrieving files and applications stored on their organizations’ networks while working from home, they give IT departments the ability to identify and fix employees’ technical problems remotely.
Unfortunately, remote desk protocols ports are also frequently leveraged as a vector for launching ransomware attacks, particularly when these ports are left exposed to the internet.
In fact, a recent report from Kaspersky found that nearly 1.3 million RDP-based cyber events occur each day, with remote desk protocols reigning as the top attack method for ransomware incidents. To safeguard remote desk protocols ports, organizations should keep these ports turned off whenever they aren’t in use, ensure such ports aren’t left open to the internet and promote overall interface security using a virtual private connection (VPN) and multifactor authentication.
9. Email Authentication Technology or Sender Policy Framework
Many ransomware attacks and social engineering scams start with employees receiving deceiving emails from fraudulent senders claiming to be trustworthy parties. These emails contain malicious attachments or ask for sensitive information. To protect against potentially harmful emails, it’s essential that organizations utilize email authentication technology.
This technology monitors incoming emails and determines the validity of these messages based on specific sender verification standards that organizations have in place. Organizations can choose from several different verification standards, but the most common is sender policy framework, which focuses on verifying senders’ IP addresses and domains.
Upon authenticating emails, this technology permits them to pass through organizations’ IT infrastructures and into employees’ inboxes. When emails can’t be authenticated, they will either appear as flagged in an employee’s inbox or get blocked from reaching an inbox altogether. With sender policy framework, unauthenticated emails may even be filtered directly into employees’ spam folders. Ultimately, email authentication technology can make all the difference in keeping dangerous emails out of employees’ inboxes and putting a stop to cybercriminals’ tactics before they can begin.
10. Employee Training
Employees are widely considered an organization’s first line of defense against cyber incidents. All it takes is one staff mistake to wreak havoc on an entire workplace system. Given this, it is important for organizations to provide cybersecurity training. This training should assist employees in identifying and responding to common cyber threats. Additional training topics may also include organizations’ specific cybersecurity policies and methods for reporting suspicious activities.
Because digital risks are changing, this training should not be a standalone event. Organizations should provide cybersecurity training regularly and update this training when needed to reflect the latest threats, attacks trends and workplace changes.
In today’s evolving digital risk world, it is vital for organizations to take cyber security seriously and use effective measures to reduce their exposures. By leveraging proper cybersecurity controls, organizations can help safeguard their operations from a wide range of losses and reduce the likelihood of related insurance claims. Furthermore, documenting these controls can allow an organization to demonstrate to its insurers that it considers cybersecurity a top priority, potentially increasing their ability to secure coverage.
Take steps to prevent an attack before it happens because cyberattacks are more common than people suspect. If your organization is attacked, Dempsey can seamlessly help. We’re here to protect your business from hacks, cyberattacks, and other online threats.
Cyber liability insurance is a specialized policy that is customized to cover many of the risks your business faces from an information breach and may even cover some risks you might not have thought of.
A cyber liability insurance policy can help you to cover the expenses associated with a cyberattack. Additionally, some commercial cyber liability policies cover loss of business while your systems are compromised or unavailable.
Contact us today to learn more about how we can protect your organization.
This article is not intended to be exhaustive, nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.