Security controls implementation: Safeguarding data
One often misunderstood element of improving your security posture centers on controls. Mostly technical or logical, security controls help to reduce risk to the environment and allow vulnerabilities to be addressed in a timely manner, reducing an organization’s overall threat profile.
In the past, managing controls was difficult and time-intensive. Does anyone else remember those days? It was an important task, but it was a chore. We’re in a great position today relative to where we were three to five years ago. Technology has brought enormous capabilities around automation – whether for deployment, maintenance, or the ongoing monitoring of security controls.
The following is a list of security controls that may or may not exist in your organization today. It’s important to consider how using these tools or concepts can improve your environment and protect your data.
Patching
Patching is an essential security control but is often only applied to operating systems. Organizations should ensure they are patching all layers that users interact with, including infrastructure devices, Java, Adobe, etc. Proactive security patching should be conducted at least once a month.
Lifecycle management
Lifecycle management of legacy technologies is essential. Just as you would replace old wiring or air filters in your home, the same applies to operating systems and applications.
Firewalls
Firewalls are just as important as ever. Avoid using overly permissive firewall rules just to get something out. While it might meet an urgent business need to get a service deployed, it’s not worth the risk. Conduct regular firewall rule reviews internally and externally.
Passwords
Passwords remain a major pain point for security. Shared administrator accounts or overly-permissioned accounts assigned to multiple users need to provide appropriate protection relative to the assets they protect.
Protocols
Protocols should be secure by default. Avoid FTP or TELNET transmission protocols and ensure you’re using secure ones, such as Secure FTP. You also should be redirecting HTTP to HTTPS when dealing with sensitive data.
Web proxies
Web proxies are still an important part of environments. By monitoring behaviors and sites that users are visiting, you can enable proxies to provide security response features. These can prevent the access of known, high-risk sites and serve as a point of control for users engaging in risky behavior.
Antivirus tools
Antivirus tools are as essential today as years ago. These have evolved from signature-based to behavior-based. They analyze how code interacts with the operating system to predict viruses rather than react to them.
Policies and procedures
Enforcing policies and procedures in the workplace is vital. Risk can be reduced through proper awareness, training, and discipline.
Backups
Backups are a must-have. There are so many options when it comes to backup, and organizations should ensure that all data is backed up. As we see more instances of purely malicious ransomware that leave no hope of recovery, backup is the only way organizations can ensure business continuity.
Secondary accounts
Secondary accounts should be set up for all administrators. These super accounts (SUs) are for privileged access only and are used strictly to access restricted information. Regular administrative accounts can field the high-risk daily activities we all perform, such as opening emails and surfing the web.
Penetration testing
Penetration testing should be conducted by an outside party to test the environment and review application and infrastructure posture. Is the organization introducing risk? Are the codes not quite secure? This testing should evaluate the entire stack.
Disaster recovery
Disaster recovery is a plan that all organizations should have in place, from how to restore backups to the criticality of systems and the order in which they should be restored.
These are just some of the security protocols your organization should have in place as part of its security posture. Don’t forget to properly dispose of data, encrypt everything, monitor your network patterns, and insist on multi-factor authentication for everything. While it might seem somewhat paranoid to perceive everything as a major threat, it’s that kind of thinking that will keep your organization safe and secure.