From Risk to Resilience: Proven Strategies for Improving Organizational Cybersecurity

Daryl Plouch

September 27, 2023

The modern technological age has introduced exciting developments that have ushered in opportunities for our future, but along with them come risk factors that can threaten an organization’s assets, operations, and success. Even with the aid of elite security services, navigating the evolving threat landscape is no simple task. Every organization, no matter its size or the market in which it operates, is subject to risk, and risk that is overlooked can lead to a security breach. With that in mind, we have compiled a list of 10 common, yet effective, methods for enhancing an organization's security that will lead to peace of mind.

1. Practice Internet Safety Best Practices

From e-mail attachment Trojans to look-alike phishing login pages and information gathering through social engineering, many of the most devastating security breaches stem from a disregard of simple best practices that can help safeguard an organization’s computing environment and the users who operate within it.

Recommendations:

  • Discourage organization members from clicking links to unknown sources.
  • Remind them to never download software from untrusted sources.
  • Issue social media guidelines, so that no sensitive organization information is shared over unencrypted channels.

2. Perform Routine Phishing Campaign Tests

Even threats as notorious as the former “EMOTET” banking Trojan rely on email and phishing tactics for distribution. Well-crafted phishing emails are becoming more evasive thanks to the adoption of tools and techniques including AI content generation and macro-laced file attachments to deceive and compromise unsuspecting organizations. Though common, targeted and non-targeted phishing campaigns remain an essential tactic for threat actors, who use disinformation and deception to entice unsuspecting users into providing information and infrastructure access.

Recommendations:

  • Organize internal phishing campaign simulations which spread awareness and arm users with practical knowledge and experience.
  • Consider implementing added e-mail protection software and services to help cover all bases.

3. Keep a Running List of Approved Applications

In late 2020, it was discovered that the developer of a commonly used software platform – SolarWinds Orion – had been compromised. Every adopter of the software across several industries was potentially vulnerable to a backdoor dubbed SUNBURST. Organizations had to scramble to check their systems for the presence of the compromised software version. By limiting the number of unique applications in an organization’s environment, an organization avoids unnecessary complications from similar potential software vulnerabilities. It also sets expectations on what kind of application functionality is considered acceptable in the workplace, which helps to further mitigate other unexpected activity within the environment.

Recommendations:

  • Consider keeping an Application Repository containing only company or organization application software necessary for daily operations.
  • Monitor for non-authorized software and set “Acceptable Use Policy” guidelines to strengthen the unity of an organization.
  • Avoid relying on deprecated software which can put an organization at risk.

4. Keep Your Environment Up to Date

Whether an organization uses workstations, servers, laptops, mobile devices, or a combination, keeping device operating systems and commonly used organization software up to date with the latest security patches is one of the easiest ways to help fortify defenses against malware, network intrusion, and other unwanted security issues.

Recommendations:

  • Advise users to perform software updates on a regular basis.
  • Consider automated patch management via Active Directory and PowerShell scripting.
  • Use policy compliance applications such as Microsoft Intune to ensure users are following organization update procedures and version requirements.

5. Keep Admin User Privileges in the Right Hands

Not every user in the organization needs power-user functionality. Take, for instance, the humble sales representative: nearly every business has them, and they tend to work similarly in every vertical market. The sales role typically involves necessary evils such as communication with vendors or clients who reside outside the organization, often using email correspondence and file attachments. This is an ideal avenue for threats like macro-laced office documents, which have the potential to download and execute PowerShell scripts. Considering that most sales representatives don’t need PowerShell access, this is one case where a threat can be easily avoided. It is a prime example of how limiting access to specific roles within an organization can help lessen the odds of a successful breach.

Recommendations:

  • Use Group Policy settings to limit or eliminate unrestricted user permissions and use least privilege policies whenever possible.
  • Consider creating local non-admin users where available.
  • Separate organization roles whenever possible to limit access to tools and information.

6. Cover All the Bases

Operating within a security operations center (SOC) provides valuable insight into trends that can benefit clients wanting better security and peace of mind. One of the most common trends by far is lateral movement, a tactic whereby an attacker – who has already gained access to a single compromised endpoint – uses sophisticated techniques to gain further access and traverse the environment. Even a handful of unmonitored endpoints in an environment provides an entry point for an advanced persistent threat, and by the time a SOC is aware of the threat, it has already broken ground and attempted to spread throughout the rest of the monitored and protected environment. Managed detection and response (MDR) endpoint protection is an excellent starting point for safeguarding your organization, and with the addition of the following security solutions, one can better the odds against security threats.

Recommendations:

  • Implement periodic internal checks of the environment to ensure that devices are monitored and protected by an endpoint detection and response (EDR) software solution.
  • Check for the presence of key modules and make sure that endpoints have the latest version installed.
  • Consider a perimeter firewall for publicly available server endpoints, or a web application firewall for external applications, which might include login or administrator portals.
  • Phishing prevention software and services can help mitigate unwanted external requests for information and access.
  • Require a VPN connection for any form of remote work and discourage the use of unsecured remote access protocols such as Secure Shell (SSH), File Transfer Protocol (FTP), Remote Desktop Protocol (RDP), and Server Message Block (SMB) where they might be exposed to the public internet.
  • Know what and where assets are and where important or critical data resides.
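As an added example that is not part of the original post, here is the kind of periodic internal check the recommendations above describe, written in Python over a constructed asset inventory and EDR console export: it flags hosts with no agent, agents below a minimum version, and internet-facing hosts exposing the remote access protocols listed above. Host names, versions, and the minimum agent version are assumptions made for the example.

```python
"""Coverage check for an environment: compare the asset inventory with what
the EDR console reports, and flag gaps a SOC would want closed.
All inventory and agent data below is constructed for this example."""
from __future__ import annotations
from dataclasses import dataclass, field

MIN_AGENT_VERSION = (7, 9, 2)  # assumed current agent release, adjust to yours
RISKY_PUBLIC_PORTS = {21: "FTP", 22: "SSH", 445: "SMB", 3389: "RDP"}


@dataclass
class Asset:
    hostname: str
    public_ip: bool                      # True if reachable from the internet
    open_ports: list[int] = field(default_factory=list)


# Constructed CMDB export (what we own) and EDR console export (what is monitored).
INVENTORY = [
    Asset("fs01", False, [445]),          # internal file server, SMB is fine here
    Asset("web01", True, [443, 3389]),    # public web server with RDP exposed
    Asset("lab-pc7", False, []),          # never enrolled in EDR
    Asset("jump01", True, [22]),          # public host with SSH exposed
]
EDR_AGENTS = {"fs01": "7.9.2", "web01": "7.8.0", "jump01": "7.9.4"}


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '7.9.2' into (7, 9, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def coverage_report(inventory: list[Asset], agents: dict[str, str]) -> dict:
    """Return unmonitored hosts, outdated agents, and risky public exposures."""
    unmonitored, outdated, exposed = [], [], []
    for asset in inventory:
        version = agents.get(asset.hostname)
        if version is None:
            unmonitored.append(asset.hostname)
        elif parse_version(version) < MIN_AGENT_VERSION:
            outdated.append((asset.hostname, version))
        if asset.public_ip:
            for port in asset.open_ports:
                if port in RISKY_PUBLIC_PORTS:
                    exposed.append((asset.hostname, RISKY_PUBLIC_PORTS[port]))
    return {"unmonitored": unmonitored, "outdated": outdated, "exposed": exposed}


if __name__ == "__main__":
    for category, findings in coverage_report(INVENTORY, EDR_AGENTS).items():
        print(f"{category}: {findings}")
```

In practice the two inputs come from your CMDB and EDR console exports; the comparison logic stays the same.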

7. Enforce Strict Password Requirements and Implement Multi-factor Authentication

This may very well be the most common of all our listed security risks, and also the biggest downfall of many breached organizations. Given the option, everyday users within an organization will always opt for convenience when creating a password. By enforcing strict password requirements, one can lessen the odds of user account compromise. Multi-factor authentication (MFA) has become an invaluable, if not near-necessary, addition to a secure account logon procedure. When paired with strong password requirements, it significantly lessens the chance of user account compromise.

Recommendations:

  • Whenever a new account is created, require a mandatory password reset to eliminate use of default passwords.
  • Discourage users from reusing passwords across multiple accounts, services, or software.
  • Set case-sensitive, alphanumeric, length, and special character requirements to encourage password complexity.
  • Set password expiration requirements to ensure that users reset their passwords at regular and frequent intervals, and check new passwords for similarity to previous passwords.
  • Reset passwords as necessary should compromised account credentials be discovered in the wild as the result of a prior breach.
  • Consider MFA requirements for your organization.

Consider the type of MFA that may work best for your organization, such as physical tokens, versus application or SMS-based. Some solutions may end up more costly than others or may be bundled with other services for cost savings.

8. Sanitize or Prohibit the Use of Removable Storage Devices

Removable storage devices have become something of a modern-day Trojan horse; like a box of chocolates, “you never know what you’re gonna get.” As such, sometimes the best approach is to avoid them altogether. In cases where that is not an option, consider sanitizing them after each use.

Recommendations:

  • Consider providing alternatives, such as a company SharePoint site or cloud storage solution.
  • Sanitize removable storage devices after each use.
  • Consider prohibiting the use of removable storage devices through policy.
  • Don’t install or connect removable storage devices from unknown or untrusted sources.

9. Implement a Backup Strategy

Redundancy is key when recovering from any disaster, be it IT or security. Taking the necessary steps to implement a backup solution today may help save your organization tomorrow. Consider how and where backups are stored, and how they may be implemented in the event of a security incident or a disaster.

Recommendations:

  • Consider scheduled, remote, and/or cloud backup services.
  • Regularly exercise disaster response plans to ensure familiarity among key stakeholders, as well as validation of processes and procedures.

10. Don't Leave Devices Physically Unlocked or Unattended

This may also seem obvious, but good physical security helps lead to good cybersecurity.

Recommendations:

  • Consider supplying your organization members with physical locks to secure devices when in large, corporate environments.
  • Remind members of the organization to secure their work phones or untethered mobile workstations when leaving the office.
  • Consider BitLocker or similar encryption to protect data at rest.

Implementing the 10 concrete steps outlined in this article is fundamental to bolstering your organization’s cybersecurity efforts. A proactive approach, encompassing continuous monitoring and rapid response, ensures the safeguarding of valuable assets and the seamless continuation of your mission. Let these strategies be the cornerstone for a resilient and secure organizational future.

Author


Daryl Plouch

As a Senior Security Analyst for Bitdefender, Daryl provides subject matter expertise to his colleagues & Bitdefender clients while lending a hand in the development of Bitdefender's signature-based detection monitoring process. His career in cybersecurity stems from a passion for problem solving, and a love of technology. His focus is on assisting his team/organization, in defending Bitdefender customers and spreading awareness of the latest developments on the threat landscape.