Information Security Tips
TOP SECURITY TIPS
Creating an effective information security policy is critical to the survival of any organization. We’ve compiled a helpful list of all our best information security tips to help protect businesses against growing cyber threats. Be certain these guidelines are included in any information security program implemented by your company to ensure the best chance of defending yourself from malicious attackers.
Social Engineering Tips
- Do not open suspicious emails
- Look for phishing red flags
- Out of Character greeting or tone
- Grammar and spelling errors
- Email addresses, links, and domain names don’t match up
- Suspicious Attachments
- Unusual Requests
- Vague emails with links or email attachments
- You didn’t initiate the conversation
- Landing pages in emails
- Hover over links before you click
- Don’t open unexpected attachments
- Train employees against Social Engineering
- Know the different categories of Social Engineering techniques
- Reciprocity
- Commitment/Consistency
- Social Proof
- Authority
- Liking
- Scarcity
- Identify and report threats immediately
Network Security Tips
- Keep all Software and Operating Systems patched and up-to-date
- Encrypt all hardware (data at rest)
- Encrypt all communications (data in transit)
- Use an Anti-Virus and Anti-Malware Software (endpoint protection)
- Avoid using Public Networks for Business Activities or utilize a VPN for secure access.
- Establish a secure BYOD or Acceptable Use policy regarding personal devices.
- Ensure your Back Ups are up-to-date
- Ensure you have a secure website by utilizing https and up-to-date 3rd party libraries
- Keep an active inventory of all devices and hardware in your network
- Use firewalls to block unauthorized access to your networks and establish a DMZ.
- Secure all mobile devices accessing business data on your network.
Ensuring your networks are protected and your employees are trained to recognize social engineering is critical to any effective cybersecurity policy. However, there is a lot more to protect than just your networks. Hackers target systems based on vulnerability. When organizations create their cybersecurity program, they need to pay special attention to less obvious, more vulnerable attack surfaces. These attack surfaces include physical critical infrastructure and web applications. Review the tips below with your security team to determine if you are vulnerable to attack.
Physical Security Tips
- Encrypt all hardware and physical storage devices
- Protect your physical perimeter by securing critical infrastructure such as doors, elevators, access points, card readers, etc.
- Watch for social engineering tactics like impersonating vendors or tailgating
- Empower employees to bring up questions about suspicious behavior/devices
- Structure your security teams so your physical security and IT security leaders are working together to maximize security across the organization.
Application Security Tips
- Use both DAST and SAST to assess your web application
- Identify and eliminate vulnerabilities before production
- Integrate security processes into the development lifecycle, such as DEVSECOPS
- Understand the OWASP Top-10 6 and Application Security Verification Standard (ASVS) 4.0
- Utilize secure codebases & repositories throughout the application’s lifecycle
Other Security Tips
- Create an effective Cybersecurity Policy with your Information Security officer/manager. Be certain your policy includes these main goals of any cybersecurity program:
- Protect the Confidentiality, Integrity, and Authenticity of your systems (CIA Triad)
- Identify risk
- Protect assets, networks, data, and systems
- Detect and Respond to threats
- Recover from cyber incidents
- Disclose the event
- Restore Normal Operations
- Define information security roles and responsibilities, honoring the principle of Least Privilege between users.
- Conduct quarterly Risk Assessments, or monthly depending on your company’s security needs
- Conduct annual Penetration Testing, or quarterly Red-Teaming engagements depending on your company’s security needs.
- Assess security controls with a third-party auditor
- Implement a Secure System Development Life Cycle (SDLC) program
- Implement an Incident Response Plan, addressing business continuity and disaster recovery.
- Utilize authoritative federal resources like NIST’s cybersecurity framework, & CISA’s catalog of known vulnerabilities.
Password Security Tips
- Use Multi-Factor Authentication
- Use secure passphrases instead of passwords
- Use a third party password manager to generate and save secure passwords
- Be aware if your account was subject to a known breach.
- Keep your Browser up-to-date
Ready to learn more?
References:
- https://cofense.com/knowledge-center/signs-of-a-phishing-email/
- https://www.cde.state.co.us/dataprivacyandsecurity/socialengineeringeducation#:~:text=Social%20Engineering%20relies%20heavily%20on,Authority%2C%20Liking%2C%20and%20Scarcity.
- https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/draft
- https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
- https://www.devsecops.org/
- https://owasp.org/www-project-top-ten/
- https://owasp.org/www-pdf-archive/OWASP_Application_Security_Verification_Standard_4.0-en.pdf
- https://meraki.cisco.com/blog/2021/06/merging-physical-security-and-cybersecurity/#:~:text=Physical%20security%20protects%20cybersecurity%20by,are%20common%20targets%20for%20hackers.
- https://haveibeenpwned.com
- https://www.cisecurity.org/spotlight/ei-isac-cybersecurity-spotlight-cia-triad/
- https://securityintelligence.com/the-system-development-life-cycle-a-phased-approach-to-application-security/
- https://www.cisco.com/c/en/us/products/security/incident-response-plan.html#~how-to-create-a-plan
- https://www.nist.gov/cyberframework
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://www.cisa.gov/uscert/resources
- https://www.nist.gov/standardsgov/resources
- https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-resources
- https://www.govtech.com/blogs/lohrmann-on-cybersecurity/data-breach-numbers-costs-and-impacts-all-rise-in-2021
Related Blog Posts
What Do Hackers Do with Stolen Data
Threat Actors Many individuals may ask, "What would someone want with my data?" or "Who would want my data?" It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations...
The Importance of Employee Security Training
Impact of Employee Security Training The majority of enterprise cybersecurity incidents can be traced back to a mistake made by an employee. Whether this came in the form of a clicking on a phishing email or lackluster security policies implemented...
25 High Profile Enterprise Information Security Breaches
No Industry seems to be safe from Ransomeware Thus many sectors have implemented required governance and awareness training throughout their organizations. As time moves forward, more industries will implement proactive strategies to minimize the...
Creating an Incident Response Plan
Creating an Incident Response Plan Disruptions to business operations occur frequently and vary greatly in terms of scope and scale. Organizations should establish formal policies and procedures in order to minimize the impact of...
Newsletter
Subscribe To Our Newsletter
We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.
Need Immediate Assistance?
Give us a call (405) 771-6399
Headquarters
3841 E Danforth Rd, Ste 106, Edmond, OK 73034
110 E. Houston St, 7th Floor, San Antonio, TX 78205
Copyright 2024 - Critical Fault, LLC. | Privacy Policy
