By: Joshua Skeens
Improving your cybersecurity and keeping all your devices, users, and data safe may seem like a daunting task, but that is where this two-part guide and the experts at Cerdant come in. Part one showed you how to begin fortifying your cybersecurity posture given a limited budget, a limited timeline, or minimal internal expertise.
In part two, we will expand beyond the basics and explore some next steps you should consider taking to further fortify your organization’s cybersecurity posture.
Determining Your Next Steps
Consider a hypothetical situation: You come into the office on Monday morning, and your boss says, “Great news! We now see how important cybersecurity is, so we’ve decided to increase your cybersecurity budget tenfold. Spend it wisely!”
Now that you have all the funds you need to keep your organization secure, how do you go about spending that budget effectively?
Let’s start by revisiting the basics we covered in part one:
- How to assess your risks and vulnerabilities
- How to implement next-gen endpoint control
- How to implement next-generation firewalls (NGFWs)
- Why you should be using multi-factor authentication (MFA)
- Why you need to severely limit who is granted administrator access
Consider Investing in Better Email Cybersecurity Features
Upgrade Your Spam Filter
Until now you have probably relied on the spam filtering bundled with your mail service to keep costs low. With a larger budget, an upgrade is worth considering: the bundled filters are adequate, but some suspicious or outright malicious messages still get through to inboxes.
The 2019 Verizon Data Breach Investigations Report found that 94% of malware was delivered by email. So if a malicious message slips past your filter, there is a good chance a colleague will click the link or open the attachment, and one compromised workstation can expose your entire network.
Investing in a dedicated email security gateway such as Proofpoint sharply reduces the volume of malicious mail that reaches users, and with it the chance that a phishing or malware email lands in an inbox rather than in quarantine.
Consider Adding a URL Sandboxing Feature
To further safeguard your organization’s email, look for URL protection, often sold as URL sandboxing or URL rewriting. Links in inbound mail are rewritten to route through the filtering service, so each click is checked, and if necessary the page is opened in an isolated sandbox, before the user is sent on to the real destination. Checking at click time matters because attackers often arm a link only after the message has been delivered and passed the initial scan.
Consider Tagging External Emails
You should also consider adding an external tag to the subject line of each incoming email that originates outside of your organization. This simple, easy-to-implement feature reminds employees that a message came from outside, which sharply cuts the chance that someone falls for a “colleague” asking for sensitive information from a personal or look-alike address. Almost all popular email hosting and spam filtering services offer this feature. Be clear about what the tag does not cover: mail from a compromised internal mailbox carries no tag, and a forged internal sender is only caught if your gateway enforces SPF, DKIM, and DMARC, so the tag complements those checks rather than replacing them.
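The tagging logic described above, as an added example that is not Cerdant’s code or any mail vendor’s: it prepends the external tag, refuses to trust an internal-looking sender that failed DMARC, and flags the specific lure the section warns about, a real employee’s display name on an outside mailbox. The organization domains, the employee name list, the sample messages, and the assumption that your inbound MTA writes an Authentication-Results header are all constructed for illustration.

```python
"""Tag mail from outside the organisation and flag display-name lures.

Added example, not Cerdant's or any mail vendor's code. ORG_DOMAINS,
EMPLOYEE_NAMES and SAMPLES are constructed for illustration. The
Authentication-Results check assumes your inbound MTA records the
SPF/DKIM/DMARC verdict in that header before this step runs.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}                 # assumed: your own mail domains
EMPLOYEE_NAMES = {"alice chen", "bob kumar"}  # assumed: directory display names
TAG = "[EXTERNAL] "


def is_internal(address: str) -> bool:
    """True when the mailbox domain is ours or a subdomain of ours."""
    domain = address.rpartition("@")[2].lower()
    return any(domain == d or domain.endswith("." + d) for d in ORG_DOMAINS)


def classify(raw: bytes) -> dict:
    """Decide whether one RFC 5322 message gets the external tag."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    name, addr = parseaddr(str(msg.get("From", "")))
    auth = str(msg.get("Authentication-Results", "")).lower()
    # An internal From: that failed DMARC is a forgery, not a colleague,
    # so it is treated as external rather than trusted.
    spoofed = is_internal(addr) and "dmarc=fail" in auth
    external = spoofed or not is_internal(addr)
    # The lure the section describes: a real employee's name on an
    # outside mailbox ("colleague" asking for data or a transfer).
    impersonation = external and name.strip().lower() in EMPLOYEE_NAMES
    subject = str(msg.get("Subject", ""))
    if external and not subject.startswith(TAG):   # never double-tag replies
        subject = TAG + subject
    return {"external": external, "spoofed": spoofed,
            "impersonation": impersonation, "subject": subject}


SAMPLES = {  # constructed messages, not captured traffic
    "internal": (b"From: Alice Chen <alice@example.com>\r\n"
                 b"Subject: Lunch?\r\n\r\nNoon?\r\n"),
    "vendor": (b"From: Billing <ar@vendor-invoices.example.net>\r\n"
               b"Subject: Invoice 4417\r\n\r\nAttached.\r\n"),
    "lure": (b"From: Alice Chen <alice.chen.ceo@webmail.example.org>\r\n"
             b"Subject: Urgent wire today\r\n\r\nCall me after.\r\n"),
    "forged": (b"Authentication-Results: mx.example.com; spf=fail dmarc=fail\r\n"
               b"From: Bob Kumar <bob@example.com>\r\n"
               b"Subject: Gift cards\r\n\r\nNeed 5 codes.\r\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:9} {classify(raw)}")
```

In production this runs as a milter or transport rule on the gateway, and the `impersonation` flag is the one worth routing to quarantine or to a banner in the body rather than just the subject.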
Secure Remote Access
Even before COVID-19 made remote work the norm instead of the exception, many organizations were already offering employees the option to work from home instead of on-site. This not only presented more flexible work options for employees but also allowed businesses to expand their reach by hiring remote workers.
However, remote work presents a host of unique cybersecurity problems and could leave your organization vulnerable. Remote workforces are particularly vulnerable to phishing scams and social engineering attacks, and remote workers are more likely to log on using public WiFi or other less secure connections.
Secure remote access solutions like the one offered by Cerdant reduce this exposure and keep your employees, and your company, secure by:
- Enforcing granular access control policies
- Offering high-performance layer-3 SSL VPNs
- Giving you complete visibility into every connected device
Our solutions also offer browser-based clientless secure access and provide flexible proxy options with SSL offloading and authentication.
Manage Your Patches Better
Patches are updates that a software vendor releases for a product already in use, either to fix a vulnerability or bug it has discovered or to deliver a new feature to existing customers.
Keeping your software up to date and installing all security patches is a free, easy step to improved cybersecurity. However, depending on the nature and size of your organization, having someone regularly install software patches on every device on your network, or relying on each team member to keep their patches up to date, may not be feasible from a cost or productivity perspective.
To keep your software secure without pulling team members away from other tasks, consider automating your patch management process. An automated system scans devices for missing patches, downloads and installs new patches as they are released, and reports the status of each run. Two practical notes: roll patches to a small pilot group before the whole fleet so a bad update does not take everything down at once, and treat “patch failed” and “host not seen” reports as tickets rather than noise, because the machine that silently stays behind is the one an attacker finds.
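The “scan for missing patches and report status” step of that automation, as an added example that is not Cerdant’s code or any patch-management product’s. The host inventory and the advisory table are constructed; a real job would fill them from an agent (or from dpkg-query / Get-Package output) and from vendor advisory feeds. The point it makes that the paragraph does not: version strings must be compared numerically, or a host on 3.0.13 is reported as older than 3.0.9.

```python
"""Find hosts that are behind on security patches and roll up fleet status.

Added example, not Cerdant's or any patch-management product's code. The
INVENTORY and ADVISORIES tables are constructed; a real job would fill them
from an agent (or dpkg-query / Get-Package output) and from vendor feeds.
"""
import re
from collections import defaultdict

ADVISORIES = {  # constructed: package -> first version that carries the fix
    "openssl": "3.0.13",
    "curl": "8.6.0",
    "log4j-core": "2.17.1",
}

INVENTORY = {  # constructed: host -> {package: installed version}
    "web-01": {"openssl": "3.0.9", "curl": "8.6.0"},
    "web-02": {"openssl": "3.0.13", "curl": "8.10.1"},
    "app-01": {"log4j-core": "2.17.1", "openssl": "3.0.13"},
    "jump-01": {"curl": "8.5.0", "openssl": "3.0.10"},
}


def version_key(version: str) -> tuple:
    """Numeric components of a version, for correct ordering.

    Plain string comparison says '3.0.13' < '3.0.9' and would mark a
    patched host as missing the patch; tuples of ints order correctly.
    Distro epochs and pre-release tags are out of scope here.
    """
    return tuple(int(n) for n in re.findall(r"\d+", version))


def missing_patches(inventory=INVENTORY, advisories=ADVISORIES) -> dict:
    """host -> [(package, installed, required)] for every out-of-date package."""
    report = defaultdict(list)
    for host, packages in inventory.items():
        for pkg, installed in packages.items():
            required = advisories.get(pkg)
            if required and version_key(installed) < version_key(required):
                report[host].append((pkg, installed, required))
    return dict(report)


def fleet_status(report: dict, inventory=INVENTORY) -> dict:
    """The roll-up an automated run would post after each cycle."""
    total = len(inventory)
    compliant = total - len(report)
    return {
        "hosts": total,
        "compliant_hosts": compliant,
        "compliance_pct": round(100 * compliant / total, 1),
        # Worst hosts first so the on-call engineer starts in the right place.
        "worst_first": sorted(report, key=lambda h: (-len(report[h]), h)),
    }


if __name__ == "__main__":
    missing = missing_patches()
    for host, items in missing.items():
        for pkg, have, need in items:
            print(f"{host}: {pkg} {have} -> needs {need}")
    print(fleet_status(missing))
```

A host absent from the inventory entirely never appears in `missing_patches`, which is why the prose above treats “host not seen” as its own alert: the roll-up should compare the inventory against the asset list, not just against the advisories.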
Consider Removable Media Protection
Another measure you may want to consider is securing removable media. Make sure that all removable or external media (such as USB flash drives or SD cards) are encrypted in case they are lost or stolen. Provided the passphrase or key is not stored alongside the device, whoever ends up with it will not be able to read any sensitive files it holds.
You should also have strict rules governing external device use. A common attack used by cybercriminals involves leaving USB sticks infected with malware in semi-public areas, such as building lobbies and parking lots. Unsuspecting workers pick up the “free” devices (which may even feature the target organization’s logo on them to make them look more legitimate) and plug them into their machines, which can compromise the cybersecurity of your entire network.
Never insert a USB storage device into any computer on your network if it has ever been outside of your control.
Take Your Security to the Next Level with XDR, SIEM, & SOCaaS
Endpoint detection and response (EDR) solutions are vital for detecting and addressing endpoint-related incidents. However, threats are constantly evolving, and many attacks now target both endpoints and other areas of the IT environment. As such, your security solution needs to evolve as well to help ensure your network and other digital assets are protected.
SIEM (security information and event management) software combines security event management (SEM) and security information management (SIM). SEM analyzes log and event data in real time to monitor for threats, correlate related events, and support incident response. SIM collects, stores, analyzes, and reports on log data over the longer term. Managed SIEM and SIEM-as-a-service offerings have a variety of benefits as well as drawbacks that need to be considered (which we discuss in depth in a separate article).
XDR solutions, like Cerdant’s SentryXDR, extend the traditional scope of EDR, offering both context and data about cybersecurity events on your network, your cloud, and anywhere else. XDR offers a unified security platform, giving security analysts the information and tools they need to track attacks across multiple network layers and security silos, learn the attack story, and respond to threats using a single interface.
SentryXDR leverages AI and machine learning SIEM technology, allowing our experienced team of SOC analysts to provide you with relevant and actionable alerts in real time. SentryXDR offers multiple options (SentryXDR Edge, SentryXDR Insights, and SentryXDR 360), so it’s easy to find a solution that works for your organization.
SOCaaS (security operations center as a service) is a fairly fluid term that can be used to describe almost any company that offers some sort of managed security product or solution, from basic 24/7 monitoring up to comprehensive threat detection and mitigation. Because this definition is so broad, it is important that you do a deep dive into any SOCaaS business to ensure they have the skills and expertise to meet your needs.
Whichever route you choose to take, you need a solution that continually monitors your network and endpoints for suspicious activity, alerts you or your managed cybersecurity services provider of potential threats, and has the tools and skills in place to quickly and effectively address any incidents that do occur in order to minimize or even avoid damage.
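What “correlating events across silos” means in practice, as an added example that is not SentryXDR or any SIEM/XDR product’s code: an EDR event (an Office application launching PowerShell) and a firewall log line (permitted outbound traffic to a non-web port from the same workstation) are each routine noise on their own, but within a short window of each other they form one high-severity incident with the attack story attached. The asset mapping, the events, the parent-process list, and the five-minute window are constructed for illustration.

```python
"""Correlate an endpoint alert with a firewall log line into one incident.

Added example, not Cerdant's SentryXDR or any SIEM/XDR product's code.
ASSETS, EVENTS, OFFICE_PARENTS and the five-minute WINDOW are constructed
for illustration.
"""
from datetime import datetime, timedelta

ASSETS = {"ws-042": "10.1.5.42", "ws-017": "10.1.5.17"}  # constructed host -> IP
OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
WEB_PORTS = {80, 443}
WINDOW = timedelta(minutes=5)

EVENTS = [  # constructed events from two silos, timestamps in UTC
    {"ts": "2024-03-04T09:00:05", "src": "edr", "host": "ws-042",
     "parent": "WINWORD.EXE", "image": "powershell.exe"},
    {"ts": "2024-03-04T09:01:10", "src": "fw", "src_ip": "10.1.5.42",
     "dst_ip": "203.0.113.7", "dst_port": 4444, "action": "allow"},
    {"ts": "2024-03-04T09:02:00", "src": "edr", "host": "ws-017",
     "parent": "explorer.exe", "image": "powershell.exe"},  # admin at a prompt
    {"ts": "2024-03-04T09:03:00", "src": "fw", "src_ip": "10.1.5.17",
     "dst_ip": "203.0.113.7", "dst_port": 443, "action": "allow"},
    {"ts": "2024-03-04T11:00:00", "src": "edr", "host": "ws-042",
     "parent": "EXCEL.EXE", "image": "powershell.exe"},
    {"ts": "2024-03-04T11:30:00", "src": "fw", "src_ip": "10.1.5.42",
     "dst_ip": "198.51.100.9", "dst_port": 4444, "action": "allow"},
]


def _ts(event: dict) -> datetime:
    return datetime.fromisoformat(event["ts"])


def suspicious_spawn(e: dict) -> bool:
    """EDR: an Office application launched PowerShell (macro-style dropper)."""
    return (e["src"] == "edr" and e["parent"].upper() in OFFICE_PARENTS
            and e["image"].lower() == "powershell.exe")


def odd_egress(e: dict) -> bool:
    """Firewall: permitted outbound traffic to a non-web port."""
    return e["src"] == "fw" and e["action"] == "allow" and e["dst_port"] not in WEB_PORTS


def correlate(events=EVENTS, assets=ASSETS, window=WINDOW) -> list:
    """One incident per host where odd egress follows a suspicious spawn
    within `window`. Either event alone is routine; together they carry
    the attack story an analyst wants to read first."""
    ip_to_host = {ip: host for host, ip in assets.items()}
    pending = {}      # host -> most recent suspicious spawn awaiting a partner
    incidents = []
    for e in sorted(events, key=_ts):
        if suspicious_spawn(e):
            pending[e["host"]] = e
        elif odd_egress(e):
            host = ip_to_host.get(e["src_ip"])
            trigger = pending.get(host)
            if trigger is None:
                continue
            gap = _ts(e) - _ts(trigger)
            if gap <= window:
                incidents.append({
                    "host": host, "severity": "high",
                    "story": (f"{trigger['parent']} spawned {trigger['image']} on "
                              f"{host}; {int(gap.total_seconds())}s later it connected "
                              f"to {e['dst_ip']}:{e['dst_port']}"),
                    "evidence": [trigger, e],
                })
                del pending[host]
    return incidents


if __name__ == "__main__":
    for inc in correlate():
        print(inc["severity"].upper(), inc["story"])
```

Two design points carry over to any real rule set: the join key is an asset mapping (hostname to IP at that moment), which is why an XDR needs inventory data as much as logs, and the window is a tuning knob, since widening it to an hour makes the second pair of events above fire too, at the cost of more false positives.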
Invest in Security Awareness Training
Even the best cybersecurity plan can’t protect your organization if your team isn’t on board. Cybersecurity awareness training teaches your employees why cybersecurity is important, emphasizes the role they play in safeguarding your organization, and gives them the knowledge and practical skills they need to protect your digital assets.
Cybersecurity awareness training covers a wide range of topics, from how to identify phishing emails to how to respond to a full-blown attack. As part of your training, you may wish to conduct tabletop exercises. Tabletop exercises are like cybersecurity fire drills: Your team is presented with a hypothetical cybersecurity incident and needs to use their newfound cybersecurity skills and training to respond effectively.
Tabletop exercises are incredibly useful because they allow your employees to respond to a hypothetical threat in a low-stakes environment. This not only lets them practice their response before an actual incident occurs but also highlights any shortcomings in your current cybersecurity posture so they can be addressed.
Keeping your entire organization secure may feel impossible, but the experts at Cerdant are here to help. Cybersecurity is our entire focus, and our team of experts has extensive experience, skills, and certifications across the cybersecurity spectrum.
How can we help you improve your cybersecurity posture? Book your security assessment today.