Security is a vast and OFTEN misunderstood subject
So I’m never surprised when I find many protection plans to be woefully inadequate and poorly managed and executed.
Many plans are centred purely on viruses and spam and are outward-facing, but that is only a small part of the attack surface and of the ever-growing landscape of very clever threats and subversions.
Over the past few months, many of my clients have been subject to several concentrated outside hacking attempts. All of which, I’m happy to report, have been successfully stopped.
Unfortunately, the probing and attacks never stop. Your UTM firewall is the typical and more traditional first line of defense, and, like all security measures, it must be continually monitored and updated (preferably automatically) to ensure it remains capable of handling the diversity of existing and ever-evolving threats.
Even with this defense in place, you are still vulnerable to many potential subversions, especially ones initiated inside your network from compromised devices (and people!). These threats take many forms: password sharing, malicious or careless user action, and malicious software such as ransomware and its kind.
Security breaches by way of data loss, either malicious or accidental, can be challenging to guard against, especially if the subversion has been festering over an extended period. Monitoring for breaches and trends is paramount in maintaining control of your data assets.
The first step toward this is to enforce security policies that (in no particular order):
- Limit the ability to remove and transport data
- Limit access to data by department / groups
- Manage and monitor user rights with segregation of duties
Of course, security enforcement is a balancing act and must be finely tuned so as not to restrict access to information where it’s actually needed.
“Knowing there is a trap is the first step in evading it.” – Frank Herbert
The next step is to implement data loss prevention tools to monitor user access and block the outward transmission of data. File auditing tools are extremely helpful in tracking file access on fileservers and in cloud environments such as OneDrive and Dropbox.
In all honesty, it’s best not to get infected in the first place, so one of the critical factors in remaining vigilant against potential threats is user education.
We’re all aware of viruses and exploits, but several areas require constant attention in line with, and in addition to, the measures outlined above.
Below is a little more detail on the areas you need to manage around best practice, governance, and risk:
- Review IT security and management policies / procedures and their enforcement
- Ensure you have the latest anti-virus / anti-malware scanning software on all endpoints (client / server devices, firewall, etc.)
- Ensure you have the latest security patches installed on all devices
- Ensure the most recent operating systems and firmware are installed on all devices (Server / PC / Mobile / Routers / Firewall, etc.)
- Enforce minimum required security standards to connect to the network
- Enforce strong password standards including two-factor authentication (2FA)
- Secure inward and outward network access, including perimeter internal/external defenses, and reduce the attack surface
- Secure data against damage and loss
- Review and improve access control and monitoring
- Secure Active Directory:
  - Against credential theft
  - Reduce the AD attack surface
  - Implement least-privilege administrative models
  - Implement secure administrative hosts
  - Secure your domain controllers against attack
- Implement 2FA on cloud access
- Implement remote management and monitoring tools
- Encrypt your line of business data
- Protection of personal data – compliance with GDPR requirements
- Data Backup and Data Sovereignty
- Business Continuity – more than just data backup!
- Prepare for before, during, and after a disaster. It will happen; the only unknowns are when, where, and the magnitude of the impact
- Pay particular attention to the following areas:
  - staff
  - core products and services
  - essential roles and tasks (including media representative!)
  - essential supplies
  - essential equipment
  - key customers/clients
  - relocation options
  - insurance requirements
  - delegation of authority
  - back up your records
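As an added example for the Active Directory items in the list above (this is not code from the original article), the PowerShell script below audits the membership of the built-in high-privilege groups, which is the quickest way to see whether a least-privilege administrative model is actually in force. It assumes the RSAT ActiveDirectory module and read access to the domain; the group list, the 90-day staleness threshold and the "-adm" naming convention for dedicated admin accounts are assumptions made for this example, so adjust them to your own standard.

```powershell
# Added example, not part of the original article.
# Audit who holds high-privilege AD group membership and flag accounts that need review.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Built-in groups whose membership should be small, reviewed and justified (assumed list).
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')

# Flag members that have not logged on within this many days (assumed threshold).
$StaleDays = 90
$Cutoff = (Get-Date).AddDays(-$StaleDays)

$Findings = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups, so indirect members are counted too.
    $Members = Get-ADGroupMember -Identity $Group -Recursive -ErrorAction Stop |
        Where-Object { $_.objectClass -eq 'user' }

    foreach ($Member in $Members) {
        $User = Get-ADUser -Identity $Member.DistinguishedName `
            -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, Enabled

        [pscustomobject]@{
            Group                = $Group
            SamAccountName       = $User.SamAccountName
            Enabled              = $User.Enabled
            LastLogonDate        = $User.LastLogonDate
            PasswordLastSet      = $User.PasswordLastSet
            PasswordNeverExpires = $User.PasswordNeverExpires
            # Never-used or long-unused admin accounts are a credential-theft target.
            Stale                = ($null -eq $User.LastLogonDate -or $User.LastLogonDate -lt $Cutoff)
            # Admin rights should sit on dedicated accounts; "-adm" suffix is an assumed convention.
            NotDedicatedAdmin    = ($User.SamAccountName -notlike '*-adm')
        }
    }
}

# Summary: membership count per group. A large Domain Admins group is itself a finding.
$Findings | Group-Object Group | Select-Object Name, Count | Format-Table -AutoSize

# Detail: members that need a review decision (remove, disable, or document the justification).
$Findings |
    Where-Object { $_.Stale -or $_.PasswordNeverExpires -or -not $_.Enabled -or $_.NotDedicatedAdmin } |
    Sort-Object Group, SamAccountName |
    Format-Table Group, SamAccountName, Enabled, LastLogonDate, PasswordNeverExpires, Stale, NotDedicatedAdmin -AutoSize

# Keep the full result as evidence for the policy-review and monitoring items above.
$Findings | Export-Csv -Path ".\PrivilegedGroupAudit-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
```

Run it from an administrative host on a schedule and compare each export with the previous one; a new name appearing in Domain Admins between two runs is exactly the kind of trend the monitoring items above are meant to catch.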
Most importantly - Plan and Be Ready
- Develop and construct your plan;
- Save the plan;
- Then Practice the plan!