Get the basics right! – 5 cybersecurity essentials
We compiled a list of 5 essential cybersecurity practices that you must absolutely implement to get the basics of cybersecurity right.
As a consultancy company specialized in information security, Toreon’s experts visit companies of different sizes and kinds. However, the following 5 essential cybersecurity foundations are important in any IT environment, regardless of the number of users, the services IT provides, or whether the organization is private or public.
In order to secure something, you first need to know what it is you’re trying to secure. That may seem logical, but in an IT environment it means managing your IT assets thoroughly. This means that you keep an inventory of both tangible and intangible assets that are important for the continuity of your environment, and that you appoint an owner for each of these assets. These owners are then responsible for the completeness and correctness of the data you keep on the assets, and act as the first point of contact for questions or problems regarding the assets for which they are responsible.
Identity & Access Management
In order to protect an IT environment against abuse and cyber attacks, it is essential that the users of the environment are known. How else can you distinguish between legitimate use and abuse? And in order to know who your users are, you need a system to manage their identities. Such a system is not just a tool, but rather a combination of a process, procedures, roles and responsibilities, and possibly a technical solution to support them. This system forms the basis for determining who has which rights, and when they should get and lose these rights.
Information Security Policy
An information security policy does not have to be complex. The most important thing about a policy is that it is documented, validated by authorised persons, and that it is implemented. And it is the latter requirement that typically causes difficulties. After all, implementing a policy requires communication, not once but repeatedly. It’s about everyone involved knowing, understanding and complying with the policy. And typically, all users are involved in the information security policy.
Patching & Vulnerability Scanning
It goes without saying that systems and software have to be up to date. And yet this often causes problems. Patches are released frequently, and installation is often accompanied by some operational impact. It is important that critical security patches are applied quickly. After all, as soon as a patch is released, it is publicly known: not only the solution, but also the problem it solves. For hackers, this is a manual for attacking an IT environment. A solid patch policy is therefore very important. Vulnerability scanning can then be used to validate whether the policy is correctly and adequately adhered to.
Finally, security measures are only as strong as the weakest link. Often we find that human error is at the source of security incidents. Hackers focus more and more on the user, because this is often an easy way to access internal systems and infiltrate further into the network. Organizing information sessions and other forms of communication to make people aware of the dangers is therefore extremely important. This is not only a preventive measure; the early reporting of a potential incident can also make a world of difference. If a user has clicked on a dubious link, they should be urged.