100 Words on Email Filtering

Email is arguably the longest-serving yet most abused tool we have in business.  We use it for personal and business purposes for endless reasons, so logically we must defend this channel.  Email filtering is a critical weapon in a defence-in-depth strategy.  Beyond spam, embedded media, hyperlinks, and phishing are only the tip of the iceberg when it comes to the torrent of malicious content we receive daily.  With on-premises, cloud-based, and hosted options, defence is scalable and affordable.  Consider also leveraging sandboxing and web filtering.  Endpoint protection should be the last line in email defence.

100 Words on Sandboxing

Sandboxing allows you to isolate, execute, and validate a program before permitting access.  Applications such as mobile apps and web browsers act as sandboxes by running code in containment, permitting access to other resources only with explicit consent.  Dynamic analysis of traffic yields greater benefit by testing the code prior to ingress.  Sandboxes are not just a developer’s tool: consider them for inline use to inspect live traffic, or for secondary inspection of content offloaded from other security appliances.  Many affordable options exist for on-premises, hosted, and cloud deployments.  Sandboxing is an excellent layer in a defence-in-depth strategy for your business.

100 Words on Backups

Backing up critical data has been one of the longest-standing but most often overlooked strategies.  With a wealth of options to choose from, we have no excuse not to back up our most valuable asset: information.  Many media types are available, along with cloud options.  Enterprises may consider hosted solutions and disaster recovery sites.  Planning is essential.  Make sure crucial data is included as new systems come online and data stores are moved.  Include backups of network devices.  Avoid storing corporate data on local computers.  Regular testing and annual disaster recovery exercises are obligatory.  Remember to back up your personal data.

100 Words on Multi-Factor Authentication

Multi-Factor Authentication adds another layer of defence that can make the difference between a breach and disaster avoidance.  Users may object to the introduced “complexity”, but the value to their personal and professional lives must be understood.  Organisations should plan the implementation in a phased approach using a prioritised list of defended assets.  Whether using mobile apps, biometrics, or established solutions such as fobs and smart cards, MFA has evolved from an option to a necessity, especially in our cloud-focused environments.  From critical payroll data to personal social media, you must consider using MFA against the present threat landscape.

100 Words on Application Hardening

We often install applications with factory settings but never bother hardening them properly.  Default passwords, outdated versions, open ports, and insecure services introduce vulnerabilities into your environment.  Begin with an inventory of applications, understand how to secure them, and then move forward with configuration changes to improve your security posture.  Use vendor and industry best practices when securing your applications, but remember to thoroughly test the solution and use change management, lest we cause an unintentional denial of service.  Patch applications to current versions and enable logging and alerting.  Use the principle of least privilege when granting application access.

100 Words on MS Office Macros

Microsoft Office macros represent significant efficiency but also a vulnerability when not managed correctly.  The ability to automatically execute tasks and code is a double-edged sword when entire systems may be impacted.  Verification and testing of macros is mandatory, underpinned by secure distribution, policy, and digital signatures.  Rare is the environment without macros, in which disabling them completely becomes an option.  Consider macros beyond the Microsoft space.  Do not trust any macros that have not been vetted.  Revoke the ability of users to modify the macro policy settings.  Train staff on macro safety.  Restrict macro privileges.  Enable auditing and alerting.
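As an added example (not code from the original article), the PowerShell audit below reports, per Office application, whether the macro setting is enforced by policy (so users cannot change it in the Trust Center), whether it is at least "signed macros only", and whether macros in files from the Internet are blocked.  It assumes the Office 16.0 registry layout (Office 2016/2019/365) and the documented VBAWarnings and blockcontentexecutionfrominternet value names.

```powershell
# Added example, not from the original article. Assumes the Office 16.0 registry
# layout. Settings under HKCU\Software\Policies come from Group Policy and cannot
# be changed by the user in the Trust Center; settings under HKCU\Software\Microsoft
# are user-editable. Run in the context of the user being audited.

$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint', 'Access'

# Documented meaning of the VBAWarnings value
$vbaMeaning = @{
    1 = 'Enable all macros (NOT recommended)'
    2 = 'Disable all macros with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string]$App, [string]$Name)
    # The policy hive wins; fall back to the user-editable Trust Center value.
    $policyPath = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$App\Security"
    $userPath   = "HKCU:\Software\Microsoft\Office\$officeVersion\$App\Security"
    foreach ($p in @($policyPath, $userPath)) {
        $v = (Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue).$Name
        if ($null -ne $v) {
            $src = if ($p -eq $policyPath) { 'Policy' } else { 'User' }
            return [pscustomobject]@{ Value = [int]$v; Source = $src }
        }
    }
    return $null
}

foreach ($app in $apps) {
    $warn  = Get-MacroSetting -App $app -Name 'VBAWarnings'
    $block = Get-MacroSetting -App $app -Name 'blockcontentexecutionfrominternet'

    $warnText  = if ($warn) { "$($vbaMeaning[$warn.Value]) [$($warn.Source)]" } else { 'not set (Trust Center default applies)' }
    $blockText = if ($block -and $block.Value -eq 1) { "blocked [$($block.Source)]" } else { 'no explicit registry setting' }

    # Flag settings that leave the macro decision, or the policy itself, in the user's hands
    $flag = ''
    if (-not $warn -or $warn.Source -ne 'Policy') { $flag = '  <-- user can change this in Trust Center' }
    elseif ($warn.Value -lt 3)                    { $flag = '  <-- weaker than "signed only"' }

    "{0,-10} macros: {1}{2}" -f $app, $warnText, $flag
    "{0,-10} internet files: {1}" -f '', $blockText
}
```

Lines flagged with an arrow are the ones the paragraph's advice targets: move the setting into policy so users cannot relax it, and prefer "digitally signed only" or "disable without notification" for any application that does not need macros.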

100 Words on Patching Operating Systems

Patching operating systems may be more critical than patching applications.  While applications may be the action, the operating system enables the action.  We all think of the ubiquitous Windows operating systems but should never overlook Linux, Unix, Mac, mobile platforms, and even IoT and network appliances.  Like applications, operating systems are released with imperfections, and vendors endeavour, by various means, to resolve those imperfections.  WannaCry and Petya are recent examples highlighting the need for a patching strategy.  Get informed, get involved, and get protected by making it part of your regular maintenance.  Acquire patches, verify their purpose, test, and deploy.