Information Security Tips

by | Feb 3, 2022

Home » Blog » Information Security Tips

TOP SECURITY TIPS

Creating an effective information security policy is critical to the survival of any organization. We’ve compiled a helpful list of all our best information security tips to help protect businesses against growing cyber threats. Be certain these guidelines are included in any information security program implemented by your company to ensure the best chance of defending yourself from malicious attackers.

checklist

Social Engineering Tips

  • Do not open suspicious emails
  • Look for phishing red flags
    • Out of Character greeting or tone
    • Grammar and spelling errors
    • Email addresses, links, and domain names don’t match up
    • Suspicious Attachments
    • Unusual Requests
    • Vague emails with links or email attachments
    • You didn’t initiate the conversation
    • Landing pages in emails
  • Hover over links before you click
  • Don’t open unexpected attachments
  • Train employees against Social Engineering
  • Know the different categories of Social Engineering techniques
    • Reciprocity
    • Commitment/Consistency
    • Social Proof
    • Authority
    • Liking
    • Scarcity
  • Identify and report threats immediately

Network Security Tips

  • Keep all Software and Operating Systems patched and up-to-date
  • Encrypt all hardware (data at rest)
  • Encrypt all communications (data in transit)
  • Use an Anti-Virus and Anti-Malware Software (endpoint protection)
  • Avoid using Public Networks for Business Activities or utilize a VPN for secure access.
  • Establish a secure BYOD or Acceptable Use policy regarding personal devices.
  • Ensure your Back Ups are up-to-date
  • Ensure you have a secure website by utilizing https and up-to-date 3rd party libraries
  • Keep an active inventory of all devices and hardware in your network
  • Use firewalls to block unauthorized access to your networks and establish a DMZ.
  • Secure all mobile devices accessing business data on your network.

Ensuring your networks are protected and your employees are trained to recognize social engineering is critical to any effective cybersecurity policy. However, there is a lot more to protect than just your networks. Hackers target systems based on vulnerability. When organizations create their cybersecurity program, they need to pay special attention to less obvious, more vulnerable attack surfaces. These attack surfaces include physical critical infrastructure and web applications. Review the tips below with your security team to determine if you are vulnerable to attack.

Physical Security Tips

  • Encrypt all hardware and physical storage devices
  • Protect your physical perimeter by securing critical infrastructure such as doors, elevators, access points, card readers, etc. 
  • Watch for social engineering tactics like impersonating vendors or tailgating
  • Empower employees to bring up questions about suspicious behavior/devices
  • Structure your security teams so your physical security and IT security leaders are working together to maximize security across the organization.

    Application Security Tips

    • Use both DAST and SAST to assess your web application
    • Identify and eliminate vulnerabilities before production
    • Integrate security processes into the development lifecycle, such as DEVSECOPS
    • Understand the OWASP Top-10 6 and Application Security Verification Standard (ASVS) 4.0
    • Utilize secure codebases & repositories throughout the application’s lifecycle

    Other Security Tips

    • Create an effective Cybersecurity Policy with your Information Security officer/manager. Be certain your policy includes these main goals of any cybersecurity program:
      • Protect the Confidentiality, Integrity, and Authenticity of your systems (CIA Triad)
      • Identify risk
      • Protect assets, networks, data, and systems
      • Detect and Respond to threats
      • Recover from cyber incidents
      • Disclose the event
      • Restore Normal Operations
    • Define information security roles and responsibilities, honoring the principle of Least Privilege between users.
    • Conduct quarterly Risk Assessments, or monthly depending on your company’s security needs
    • Conduct annual Penetration Testing, or quarterly Red-Teaming engagements depending on your company’s security needs.
    • Assess security controls with a third-party auditor
    • Implement a Secure System Development Life Cycle (SDLC) program 
    • Implement an Incident Response Plan, addressing business continuity and disaster recovery.
    • Utilize authoritative federal resources like NIST’s cybersecurity framework, & CISA’s catalog of known vulnerabilities.

    Password Security Tips

    • Use Multi-Factor Authentication
    • Use secure passphrases instead of passwords
    • Use a third party password manager to generate and save secure passwords
    • Be aware if your account was subject to a known breach
    • Keep your Browser up-to-date

    Ready to learn more?

    Related Blog Posts

    What to Expect for CMMC 2.0 Assessments

    What to Expect for CMMC 2.0 Assessments

    What to Expect for CMMC 2.0 Assessments   So now you have put in all the work to meet the requirements of CMMC 2.0 level 1, 2, or 3, but what’s next? Once the rules are finalized and being implemented, companies will need to be able to certify that they are...

    CMMC 2.0 Requirements: Level Three

    CMMC 2.0 Requirements: Level Three

    CMMC Requirements: Level Three Now we enter the most nebulous category of CMMC 2.0 requirements: level three. While we know where the requirements will come from, we don’t know exactly how many will be added from the NIST 800-172 publication. While there are...

    CMMC 2.0 Level 2 Requirements

    CMMC 2.0 Level 2 Requirements

    CMMC 2.0 Level 2 CMMC 2.0 Level 2-that’s where things really start to get serious. While the controls required aren’t incredibly difficult, there are probably a fair number that most companies haven’t considered before, especially since there are 110 of them. And I am...

    CMMC 2.0 Level 1 Requirements

    CMMC 2.0 Level 1 Requirements

    We’re going to start digging through the CMMC levels, starting with CMMC 2.0 Level 1. I will go through the different protection areas and briefly describe what they mean. I don’t intend for this to be a complete guidance, but more an introduction to allow you to be...

    Critical Fault all white text

    Newsletter

    Subscribe To Our Newsletter

    We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

    Need Immediate Assistance?

    Give us a call (405) 771-6399

    Headquarters

    3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

    110 E. Houston St, 7th Floor, San Antonio, TX 78205

    Copyright 2024 - Critical Fault, LLC. | Privacy Policy