Spring is a good time to do some cleaning; put away winter clothes and ski gear, open windows and let spring breezes clear out the dust that gathered through the winter. But it’s also a good time for IT and cybersecurity teams to “spring clean” their security postures as well.
Below we share 10 quick and easy ways to “clean up” your cybersecurity practices and adapt to the security threats we face daily.
- Don’t Overexpose Your Management Ports – One of the first things any IT team should do when “spring cleaning” their security posture is to review open administrative management ports across their network. Many hardware and software platforms open web-based management ports (typically running on product-specific ports) at least locally, to help you manage those products. While opening those same ports externally can make remote IT activities easier and more accessible, it can also create vectors that hackers can exploit to attack your network and gain privileged access to devices. It is important to know that malicious actors can see whether management ports are open. This port information is readily accessible for all types of devices on the Internet, and malicious actors are routinely scanning the Internet in search of open ports. With an ever-expanding attack surface that includes IoT and OT devices, it’s important to make sure that any ports that don’t absolutely need to be open are closed. If you need to manage your WatchGuard appliance remotely, see this article to help you do so securely.
- Update Everything – IT teams are often overtaxed, so it’s common for routine tasks like updating firmware and installing software patches to be postponed to address other issues, or due to concern about disrupting the business. Stepping into this prioritization trap can lead to major consequences as many successful attacks could have been prevented through promptly installing available patches and firmware updates. While most companies have a good software patching schedule, many still overlook hardware product updates, in part because updates aren’t quite as regular. This spring season (and summer, fall and winter), put extra priority on your firmware updates.
- Make MFA the Rule Rather Than the Exception – Implementing multi-factor authentication (MFA) is a vital step in protecting your business from cyber threats, as it renders leaked or stolen usernames and passwords useless to threat actors. Some laws and regulations require MFA, and MFA is also increasingly a requirement to obtain cyber insurance. If your business is new to MFA, and adopting an across-the-board MFA policy seems too daunting, start with the most important areas now. For example, anything that uses remote access should require MFA immediately, Also, add MFA for access to your most critical assets and applications like financial information, employee data, etc., which should only come via MFA. If anything needs to be delayed, endpoints within your local area network can be pushed to “phase 2” of your MFA rollout.
- Cross-Reference Hashed Passwords – You need MFA, but it’s also important to maintain good password practices/hygiene. Attackers can access troves of stolen credentials on the web. In addition to requiring strong passwords and changing them regularly, take a look in your active directory and cross reference your employees’ hashed passwords with leaked hashed passwords on the dark web. Are you finding your employees’ passwords in the underground? Change them immediately!
- Map Your Network – Organization is key to any spring cleaning effort! Do you know the location of all devices with access to your network? It’s important to create and maintain a map of devices with management interfaces such as printers, routers, etc., that are logged onto your network. Network mapping allows IT teams to see what’s happening in their networks, create a patching/upgrade schedule, and catch any problems faster so they can be dealt with quickly and efficiently. Yeah, you might have mapped it last year, but remember, most IT professionals find their networks change organically, with others often adding new devices they don’t expect.
- Test Those Backup and Disaster Recovery Procedures – It’s a good practice to back up your data and information and have a well-established disaster recovery plan in place. Spring is a great time to test that your backups and procedures work. What happens when you try to restore from a backup? Ensure that your business continuity plans work as expected before you need them.
- If You Don’t Use It, Remove It – Old and unused accounts are often exploited as attack vectors. If you still have accounts for ex-employees or former contractors, remove them. This goes for unused applications as well, unused servers, and even unused firewall or security policies. Minimize attack opportunities wherever you can.
- As Threats Evolve, Policies Must Adapt – CISOs and infosec leaders should regularly review and update their security policies. What made sense a few years ago (or in the world of cybersecurity, a few weeks ago) might not be sufficient today. The threat landscape is constantly changing and evolving, and policies around every aspect of security including acceptable use practices need to adapt to these changes.
- Train Your Employees – Along with those policies, humans need to adapt to the evolving threat landscape. If your organization does yearly training around cybersecurity awareness and best practices, think about adding a mid-year one, too. The threats (and your employee base) change too quickly to rely on yearly training. Instead, regularly send fake phishing emails and see what happens. If you’re in a physical office, drop a USB or two in the kitchen or on the floor and see if anyone picks them up and tries to use them. Employee awareness is an important step in being prepared!
- Stop Them in Their Tracks – Getting ahead of the attacks is important, but we can’t stay 100% ahead; sometimes they happen. So, detection must be top of mind as well. Doing a quick audit of your user log ins can alert security teams to unusual user behavior quickly. Is someone accessing sensitive data they shouldn’t? Are there logins from unknown users in strange locations? Vigilance can stop both insider and outsider threats.
BONUS Tip! Check with your MSP – Many of you have chosen to focus on what you do best – running your business – and are working with an MSP to manage your company’s security. So add a strategic check in with your MSP to your spring cleaning list. The cybersecurity threat landscape is constantly growing and evolving, just as your business is growing and evolving, too! Make sure your MSP is well-aligned with your business status and goals, so they can provide you with the best security today, and into the future.
For those of you out there who are ahead of the curve and may have already completed these spring cleaning tips, consider taking your cybersecurity to the next level by adopting a zero-trust architecture today!