,

7 recommendations to protect your systems

Cybersecurity is an issue for all of us. We need to improve cybersecurity risk management and better identify threats, vulnerabilities and risks. From the Centre for Internet Security (CIS), the Australian Signals Directorate (ASD), the American National Institute of Standards and Technology (NIST) to the British Government’s Communications Headquarters (GCHQ), they all have recommendations. But how do you see the forest through the trees? In this blog post, we provide you with our selection of 7 recommendations to protect your systems.

  1. Maintain an inventory of devices and software
    Do you know the systems that are active in your environment? And do you know which systems are authorised to be there? You need to know your IT environment like the back of your hand to ensure you know what you should be protecting.
  2. Maintain and apply secure configurations
    Default settings and out of the box configurations are a no go. They are often way too permissive, so they can easily be abused. Use the good practices you find online to create and apply security configurations for all devices and software you manage.
  3. Patch systems and software and manage vulnerabilities
    Security patches are made continuously available for nearly all software used in a business environment. Hackers know about a security problem if there is a patch for it. So you need to patch your systems before anyone abuses the holes you leave in your system.
  4. Monitor security logs
    Don’t wait for someone from the outside to let you know that you are breached. Be proactive and read the signs. Where? In your security logs. Allocate time for people to monitor the security logs and prioritise this task. Only then will you be able to notice suspicious activity and investigate.
  5. Use active and heuristic malware protection
    A lot of new techniques to fight malware are excellent additions to traditional measures. Use those new features in browsers, email clients, office suites and operating systems among others. Test new types of tools for fighting malware. But don’t let vendors fool you into believing that they have the silver bullet. Effectively fighting malware means betting on more than one horse.
  6. Use signature, known-bad and reputation based malware protection
    Do not write off your ‘old’ antivirus, because it still has a place in your defense strategy. Make use of the variety of complementing services that can feed you information that help to block dangerous network traffic, files, emails, websites etc. Don’t just do this using the protection software on your endpoints, but also filter and block on your gateways to the Internet.
  7. Restrict network communications
    Hackers don’t want anything more than to move around freely on your network. You have to make this as hard as possible for them. Move away from a network design that allows every system to communicate with every other system, no matter how convenient that may be. Use network segmentation and filter network traffic between systems and segments so you can block communications you don’t like. Segmentation also makes it possible to lock down segments if there is a localised breach.
    Introduce security levels in your network zones, so that you’re able to deploy security measures in the security zones that need them. That makes your measures more cost effective.
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *