Information Security Tips

by | Feb 3, 2022

Home » Blog » Information Security Tips

TOP SECURITY TIPS

Creating an effective information security policy is critical to the survival of any organization. We’ve compiled a helpful list of all our best information security tips to help protect businesses against growing cyber threats. Be certain these guidelines are included in any information security program implemented by your company to ensure the best chance of defending yourself from malicious attackers.

checklist

Social Engineering Tips

  • Do not open suspicious emails
  • Look for phishing red flags
    • Out of Character greeting or tone
    • Grammar and spelling errors
    • Email addresses, links, and domain names don’t match up
    • Suspicious Attachments
    • Unusual Requests
    • Vague emails with links or email attachments
    • You didn’t initiate the conversation
    • Landing pages in emails
  • Hover over links before you click
  • Don’t open unexpected attachments
  • Train employees against Social Engineering
  • Know the different categories of Social Engineering techniques
    • Reciprocity
    • Commitment/Consistency
    • Social Proof
    • Authority
    • Liking
    • Scarcity
  • Identify and report threats immediately

Network Security Tips

  • Keep all Software and Operating Systems patched and up-to-date
  • Encrypt all hardware (data at rest)
  • Encrypt all communications (data in transit)
  • Use an Anti-Virus and Anti-Malware Software (endpoint protection)
  • Avoid using Public Networks for Business Activities or utilize a VPN for secure access.
  • Establish a secure BYOD or Acceptable Use policy regarding personal devices.
  • Ensure your Back Ups are up-to-date
  • Ensure you have a secure website by utilizing https and up-to-date 3rd party libraries
  • Keep an active inventory of all devices and hardware in your network
  • Use firewalls to block unauthorized access to your networks and establish a DMZ.
  • Secure all mobile devices accessing business data on your network.

Ensuring your networks are protected and your employees are trained to recognize social engineering is critical to any effective cybersecurity policy. However, there is a lot more to protect than just your networks. Hackers target systems based on vulnerability. When organizations create their cybersecurity program, they need to pay special attention to less obvious, more vulnerable attack surfaces. These attack surfaces include physical critical infrastructure and web applications. Review the tips below with your security team to determine if you are vulnerable to attack.

Physical Security Tips

  • Encrypt all hardware and physical storage devices
  • Protect your physical perimeter by securing critical infrastructure such as doors, elevators, access points, card readers, etc. 
  • Watch for social engineering tactics like impersonating vendors or tailgating
  • Empower employees to bring up questions about suspicious behavior/devices
  • Structure your security teams so your physical security and IT security leaders are working together to maximize security across the organization.

    Application Security Tips

    • Use both DAST and SAST to assess your web application
    • Identify and eliminate vulnerabilities before production
    • Integrate security processes into the development lifecycle, such as DEVSECOPS
    • Understand the OWASP Top-10 6 and Application Security Verification Standard (ASVS) 4.0
    • Utilize secure codebases & repositories throughout the application’s lifecycle

    Other Security Tips

    • Create an effective Cybersecurity Policy with your Information Security officer/manager. Be certain your policy includes these main goals of any cybersecurity program:
      • Protect the Confidentiality, Integrity, and Authenticity of your systems (CIA Triad)
      • Identify risk
      • Protect assets, networks, data, and systems
      • Detect and Respond to threats
      • Recover from cyber incidents
      • Disclose the event
      • Restore Normal Operations
    • Define information security roles and responsibilities, honoring the principle of Least Privilege between users.
    • Conduct quarterly Risk Assessments, or monthly depending on your company’s security needs
    • Conduct annual Penetration Testing, or quarterly Red-Teaming engagements depending on your company’s security needs.
    • Assess security controls with a third-party auditor
    • Implement a Secure System Development Life Cycle (SDLC) program 
    • Implement an Incident Response Plan, addressing business continuity and disaster recovery.
    • Utilize authoritative federal resources like NIST’s cybersecurity framework, & CISA’s catalog of known vulnerabilities.

    Password Security Tips

    • Use Multi-Factor Authentication
    • Use secure passphrases instead of passwords
    • Use a third party password manager to generate and save secure passwords
    • Be aware if your account was subject to a known breach
    • Keep your Browser up-to-date

    Ready to learn more?

    Related Blog Posts

    Are Your Credentials on the Web?

    Are Your Credentials on the Web?

    Let's Find Out! Step 1: Go to haveibeenpwned.com Step 2: Place Your Email (Never your password) Step 3: Click the “pwned?” button. Step 4: Write down all the sites  Step 5: Go to every site and change your passwords  This step should be based on prioritization of how...

    MOVEit: What You Need to Know about CVE-2023-25708

    MOVEit: What You Need to Know about CVE-2023-25708

    MOVEit: What You Need to Know about CVE-2023-25708 The MOVEit Vulnerability, or CVE-2023-25708, is an SQL Injection vulnerability that targets the database of the MOVEit Transfer software. This is a new critical risk vulnerability and the impacts are...

    Madison Horn Joins the Critical Fault Team as CEO

    Madison Horn Joins the Critical Fault Team as CEO

    Madison Horn Joins the Critical Fault Team as CEO In Madison’s new role as CEO of Critical Fault, she will lead the vision and strategy for the organization while fostering a culture of growth and collaboration. Madison is dedicated to strengthening...

    What Do Hackers Do with Stolen Data

    What Do Hackers Do with Stolen Data

    Threat Actors Many individuals may ask, "What would someone want with my data?" or "Who would want my data?" It is important to describe who wants the data because that determines what they are going to do with it. These individuals and organizations...

    Critical Fault all white text

    Newsletter

    Subscribe To Our Newsletter

    We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.

    Need Immediate Assistance?

    Give us a call (405) 771-6399

    Headquarters

    3841 E Danforth Rd, Ste 106, Edmond, OK 73034 

    110 E. Houston St, 7th Floor, San Antonio, TX 78205

    Copyright 2024 - Critical Fault, LLC. | Privacy Policy