How to Prevent Security Incidents
No industry or organization is immune to cyber security attacks or a data breach. Network security threats exist perpetually and eliminating all computer security risks may be an impossible task. However, there are recommended measures and best practices which can increase the effort required to breach a network or to compromise data security. Effective security practices should be incorporated into the overall security defense strategy to protect an organizations’ network and resources. Preventing problems is far less costly and more effective than reacting to security incidents after they have occurred.
Eight common practices to address vulnerabilities, exploits or weaknesses that expose companies to risk are:
- Patch Management
- System Hardening
- Network Security
- System Monitoring
- Malicious Code Prevention
- User Awareness and Training
- Having a Plan
There are many reasons software patches are released including fixing known security risks. Hackers are creative and smart, but they are not nice. They use known and unknown application or system vulnerabilities to exploit unpatched systems. The Common Vulnerabilities and Exposures report (CVE), funded by the United States Department of Homeland Security, is a dictionary of publicly known information security vulnerabilities and exposures. Companies can remain secure from known vulnerabilities but only if they keep their system patches up to date.
According to the 2015 Verizon Data Breach Investigations Report, 99.9% of all exploited, but avoidable, vulnerabilities occurred more than a year after the Common Vulnerabilities and Exposures (CVE) report was published. IT management should establish a formal system patching policy to mandate the patching frequency, risk assessment, testing and implementation methods. Patches should be applied to insure browsers, browser plugins, applications, and operating systems including mobile devices remain safe from known exploits.
All systems need to be hardened (secured) appropriately. Thinking about building a high security prison, you would need to remove big windows and limit entrances and exits in order to keep the prisoner (in our case, information) secure. Systems including servers, desktops, laptops, and mobile devices should be configured to only provide the minimum necessary services and only to appropriate users and systems. Default passwords should be changed. Enable auditing on critical and significant security-related events. Organizations should establish system security standards and configuration guides to insure consistency and effectiveness.
Enable Intrusion Detection and Prevention to protect unpatched vulnerabilities from being exploited, to protect against social engineering attacks, and to stop malware from reaching endpoints. Network Configuration should deny all activities that are not expressly allowed. Establish network access rules that allow only valid access. Conducting regular Vulnerability Assessments can help identify threats and vulnerabilities.
Understand the normal behavior of networks, systems, and applications. Develop network and system profiles to better recognize unusual behavior. Conduct in-depth system and network security audits and review system log files to monitor compliance to security protocols or violation alerts.
Data in transit or at rest should be protected. Many states require notification if a breach compromises unencrypted personal information. Organizations should establish a data encryption policy to dictate data classifications and identify data that needs to be encrypted. However, encryption should only be part of the overall security and data protection strategy and should help support other security measures.
Malicious Code Prevention
Ensure all systems have antivirus software installed. Block files with suspicious file extensions or file extension combinations that are associated with malicious code. Limit the use of nonessential programs that have file transfer capabilities.
Many computer worms spread through unsecured file sharing. Eliminating open Windows file sharing helps prevent externally connected host computers from directly infecting internal servers through open or unrestricted file sharing. Use web browser security settings to prevent unsigned ActiveX controls or other mobile codes from being unknowingly downloaded and executed. Configure Email clients to act more securely.
User Awareness and Training
Users should receive ongoing training to be made aware of an organization’s security policies and procedures and appropriate use of system resources. Employee, contractor and vendor training can reduce mistakes that could lead to breaches. Training improves user awareness of abnormal behavior and reduces the frequency of security incidents especially those involving malicious code or violations of acceptable use policies.
Have a Plan of Action
A good number of small businesses lack a security breach response plan of action and some say they don't know where to begin in terms of cyber security. Having a sound security incident response process is necessary for quickly detecting incidents, minimizing the loss and destruction of company resources, mitigating exploited vulnerabilities and restoring business processes to normal.
Eliminating all computer security breaches may be an impossible task. However, implementing effective procedures and the right cyber security strategy plan can greatly reduce the frequency of incidents and protect normal business processes and company resources.