Knowing where to start in protecting your company from cyber threats, attacks and password hacking can be a daunting task. At Think Connect, we believe in being proactive in setting your Cyber Security System up for success and have outlined the five pillars of cyber security that your company could benefit from.
The Five Pillars of Cyber Security
1. Always set-up Multi-Factor Authentication.
Multi-factor Authentication is an account login process which requires more than one stage of authentication to verify a user’s identity for a login (this can also apply to a transaction). With MFA enabled, you can prevent 99.9% of attacks on your accounts.
- Make it easy: Select an MFA option with the least amount of friction (like using biometrics in devices or FIDO2 complaint factors such as Feitan or Yubico security keys) for your employees.
- Be Judicious: Choose MFA when extra authentication can help protect sensitive data and critical systems rather than applying it to every single interaction.
- Avoid end-user toil: Use conditional access policies, pass-through authentication and single-sign-on (SSO) to help users avoid multiple sign-on sequences to access non-critical file shares or calendars on the corporate network when their devices are current with the latest software updates.
2. Apply Zero Trust Principles.
Zero Trust is a modern security strategy based on the principle – never trust, always verify. Instead of assuming that everything that appears on your corporate computer is safe, the Zero Trust system will do all the work for you and verify each request before it completes it. Zero trust is the cornerstone of any resilience plan limiting the impact on an organisation.
- Assume breach: Assume attackers can and will successfully attack anything. This means constantly monitoring the environment for possible attack.
- Explicitly verify: Ensure users and devices are in a good state before allowing access to resources. Protect assets against attacker control by explicitly validating the fact that all trust and security decision use relevant available information and telemetry.
- Use least privileged access: Limit access of a potential compromised asset with just-in-time and just-enough-access (JIT/JEA) and risk-based policies like adaptive access control. You should only allow the privilege that is needed for access to a resource and no more.
3. Use Modern Anti-Malware
Use extended detection and response anti-malware. This means employing a software on your corporate computers to detect and automatically block attacks from malicious events. Anti-Malware can also provide insights to your IT Team’s security operations, giving them a better understanding of which areas can be easily compromised and which areas are in need of more protection.
If you’re looking for peace of mind, we offer a Free Cyber Security Assessment that can give you a better understanding of how secure your organisation really is. Download our free IT Wellness brochure to learn more about what is included.
4. Keep up to date
Unpatched and out of date systems are a key reason many organisations fall victim to an attack. Ensure all systems are kept up to date including firmware, the operating system, and applications.
- Patch: ensure devices are robust by swiftly applying patches and changing default passwords and default SSH ports.
- Reduce: eliminate unnecessary internet connection and open ports and restrict remote access by blocking ports, denying remote access and using VPN services
- Segment: limits an attackers ability to move laterally and initial intrusion IoT devices and OT networks should be isolated from corporate IT networks through firewalls.
5. Protect Data
Knowing your important data, where it is located and whether the right systems are implemented, is crucial to implementing the appropriate protection.
At Think Connect, we work proactively to keep you and your company’s systems and infrastructure up to date and in compliance with these five cyber security pillars. Chat to Jay, our Security Lead, to get started.
