Enhance your business's defence against cyber threats with five straightforward actions that can be implemented today
How to steer clear of some common pitfalls
The sad truth is that many of the incidents we investigate could have been prevented or mitigated by simply applying some basic security principles. Here are five simple things that businesses like yours can do to improve their security posture overnight:
1. Software control
Scenario: A user needs to edit a PDF document. They search online for an application that can help them. They find a free tool and download it on their laptop, little suspecting that they’ve just infected your environment with malware.
Solution: By restricting software installation to administrators, you can ensure that only safe approved applications with a legitimate business purpose get downloaded. It will also mean that software can be included in your patch-management programme (another term for security updates). Patching, or updating, software regularly ensures that you’ll be running the latest, most secure versions, reducing the risk that a threat actor will be able to exploit a known vulnerability.
2. Reviewing accounts and passwords
Scenario: An employee sets a weak password for their account. They subsequently leave your organisation, but their account remains active, and it still has that weak password. This leaves the door ajar for threat actors who can easily brute-force or guess the password, gaining unauthorised access to your environment, and potentially causing significant harm.
Solution: You can significantly reduce this vulnerability by implementing and enforcing a strong-password policy, one that requires employees to use complex passwords that are unique to a particular account. It’s also important to make sure all accounts associated with former employees are deactivated as soon as they leave the organisation. It’s also a good idea to encourage the use of password managers to help employees manage their passwords securely. Regularly updating and rotating passwords mitigates the risk of stolen credentials being abused.
3. Reviewing and protecting open ports
Scenario: Your organisation leaves the Remote Desktop Protocol (RDP) port (typically Port 3389) open on your network. An attacker scans the network, identifies the open RDP port, and uses brute-force techniques to gain unauthorised access.
Solution: Conducting regular scans of your network to identify open ports, including the RDP port, will make your network less vulnerable. Be sure to close any ports you don’t need open for normal business operations. For essential open ports, like RDP, implement strict access controls, like multi-factor authentication (MFA) and strong passwords. Restrict RDP access to trusted IP addresses, and use a virtual private network (VPN) to provide an additional layer of security. It’s good practice to monitor ports continuously for suspicious activity and use firewalls and intrusion detection/prevention systems to protect against unauthorised access.
4. User-awareness training
Scenario: An employee receives an email that appears to be from a trusted source. It asks them to click on a link to access a document. They do so, and are then prompted to enter their Microsoft username and password. Acts of deception like this enable threat actors to capture users’ credentials and gain access to sensitive information within the mailbox.
Solution: You can help prevent this by implementing an ongoing security awareness training programme for your employees covering topics like phishing, social engineering, password security, and safe internet practices. Use real-world examples and interactive training sessions to engage employees and reinforce learning. Regularly update training content to address emerging threats, and conduct simulated phishing attacks to test employee awareness. Make sure all employees understand the importance of security, and how to report suspicious activities.
5. Managed Detection and Response (MDR)
Scenario: Your company has antivirus software and firewalls. What it doesn’t have is real-time threat-detection and response capabilities. You may not have the resources to monitor alerts, leaving you reliant on your antivirus product to quarantine and remove threats. But threat actors can infiltrate your environment without ever needing to install malware. So an antivirus product alone won’t always be sufficient to detect suspicious activity, and a threat actor could remain undetected in your environment.
Solution: Deploying a Managed Detection and Response (MDR) tool provides 24/7 monitoring, threat detection, and incident response. MDR services use advanced analytics, threat intelligence, and human expertise to identify and respond to threats in real-time. This proactive approach helps detect threats early - and minimise potential damage. At Solis, we offer a comprehensive and affordable MDR service. We’d be happy to help, so please reach out to us if you’d like to find out more!
Simply by addressing the five points outlined above, you could massively improve your organisation’s protection against cyber threats. If you’d like to know more about any of the topics covered here, please get in touch and we’ll be happy to provide some more detail.
