Information Security Tips
TOP SECURITY TIPS
Creating an effective information security policy is critical to the survival of any organization. We’ve compiled a helpful list of all our best information security tips to help protect businesses against growing cyber threats. Be certain these guidelines are included in any information security program implemented by your company to ensure the best chance of defending yourself from malicious attackers.
Social Engineering Tips
- Do not open suspicious emails
- Look for phishing red flags
- Out of Character greeting or tone
- Grammar and spelling errors
- Email addresses, links, and domain names don’t match up
- Suspicious Attachments
- Unusual Requests
- Vague emails with links or email attachments
- You didn’t initiate the conversation
- Landing pages in emails
- Hover over links before you click
- Don’t open unexpected attachments
- Train employees against Social Engineering
- Know the different categories of Social Engineering techniques
- Reciprocity
- Commitment/Consistency
- Social Proof
- Authority
- Liking
- Scarcity
- Identify and report threats immediately
Network Security Tips
- Keep all Software and Operating Systems patched and up-to-date
- Encrypt all hardware (data at rest)
- Encrypt all communications (data in transit)
- Use an Anti-Virus and Anti-Malware Software (endpoint protection)
- Avoid using Public Networks for Business Activities or utilize a VPN for secure access.
- Establish a secure BYOD or Acceptable Use policy regarding personal devices.
- Ensure your Back Ups are up-to-date
- Ensure you have a secure website by utilizing https and up-to-date 3rd party libraries
- Keep an active inventory of all devices and hardware in your network
- Use firewalls to block unauthorized access to your networks and establish a DMZ.
- Secure all mobile devices accessing business data on your network.
Ensuring your networks are protected and your employees are trained to recognize social engineering is critical to any effective cybersecurity policy. However, there is a lot more to protect than just your networks. Hackers target systems based on vulnerability. When organizations create their cybersecurity program, they need to pay special attention to less obvious, more vulnerable attack surfaces. These attack surfaces include physical critical infrastructure and web applications. Review the tips below with your security team to determine if you are vulnerable to attack.
Physical Security Tips
- Encrypt all hardware and physical storage devices
- Protect your physical perimeter by securing critical infrastructure such as doors, elevators, access points, card readers, etc.
- Watch for social engineering tactics like impersonating vendors or tailgating
- Empower employees to bring up questions about suspicious behavior/devices
- Structure your security teams so your physical security and IT security leaders are working together to maximize security across the organization.
Application Security Tips
- Use both DAST and SAST to assess your web application
- Identify and eliminate vulnerabilities before production
- Integrate security processes into the development lifecycle, such as DEVSECOPS
- Understand the OWASP Top-10 6 and Application Security Verification Standard (ASVS) 4.0
- Utilize secure codebases & repositories throughout the application’s lifecycle
Other Security Tips
- Create an effective Cybersecurity Policy with your Information Security officer/manager. Be certain your policy includes these main goals of any cybersecurity program:
- Protect the Confidentiality, Integrity, and Authenticity of your systems (CIA Triad)
- Identify risk
- Protect assets, networks, data, and systems
- Detect and Respond to threats
- Recover from cyber incidents
- Disclose the event
- Restore Normal Operations
- Define information security roles and responsibilities, honoring the principle of Least Privilege between users.
- Conduct quarterly Risk Assessments, or monthly depending on your company’s security needs
- Conduct annual Penetration Testing, or quarterly Red-Teaming engagements depending on your company’s security needs.
- Assess security controls with a third-party auditor
- Implement a Secure System Development Life Cycle (SDLC) program
- Implement an Incident Response Plan, addressing business continuity and disaster recovery.
- Utilize authoritative federal resources like NIST’s cybersecurity framework, & CISA’s catalog of known vulnerabilities.
Password Security Tips
- Use Multi-Factor Authentication
- Use secure passphrases instead of passwords
- Use a third party password manager to generate and save secure passwords
- Be aware if your account was subject to a known breach.
- Keep your Browser up-to-date
Ready to learn more?
References:
- https://cofense.com/knowledge-center/signs-of-a-phishing-email/
- https://www.cde.state.co.us/dataprivacyandsecurity/socialengineeringeducation#:~:text=Social%20Engineering%20relies%20heavily%20on,Authority%2C%20Liking%2C%20and%20Scarcity.
- https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/draft
- https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
- https://www.devsecops.org/
- https://owasp.org/www-project-top-ten/
- https://owasp.org/www-pdf-archive/OWASP_Application_Security_Verification_Standard_4.0-en.pdf
- https://meraki.cisco.com/blog/2021/06/merging-physical-security-and-cybersecurity/#:~:text=Physical%20security%20protects%20cybersecurity%20by,are%20common%20targets%20for%20hackers.
- https://haveibeenpwned.com
- https://www.cisecurity.org/spotlight/ei-isac-cybersecurity-spotlight-cia-triad/
- https://securityintelligence.com/the-system-development-life-cycle-a-phased-approach-to-application-security/
- https://www.cisco.com/c/en/us/products/security/incident-response-plan.html#~how-to-create-a-plan
- https://www.nist.gov/cyberframework
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- https://www.cisa.gov/uscert/resources
- https://www.nist.gov/standardsgov/resources
- https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-resources
- https://www.govtech.com/blogs/lohrmann-on-cybersecurity/data-breach-numbers-costs-and-impacts-all-rise-in-2021
Related Blog Posts
Why Physical Security Is Cybersecurity
Physical Security Awareness Physical Security is an important aspect of protecting your organization’s networks, hardware, and data. However, physical security is often overlooked when cybersecurity policies are written, and often times sub-par...
What Is a Risk Assessment and Why Is It Necessary?
What Is A Risk Assessment? A Risk Assessment is a comprehensive and exhaustive examination of an organization’s current security controls and information systems. A senior risk assessor works to identify any existing threats or areas of concern, and...
What Is Penetration Testing and Why Is It Necessary?
What Is Penetration Testing? Penetration Testing is when an organization hires professional hackers, also known as “ethical hackers”, to identify vulnerabilities in an organization’s security architecture. Penetration Testing takes an offensive...
The Rising Need for Digital Forensics
What is Digital Forensics? According to US-CERT, Digital (Computer) Forensics can be defined “as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications,...
Newsletter
Subscribe To Our Newsletter
We've been creating some excellent webinars and local events. Join our mailing list for the latest on industry trends and strategies for cyber defense.
Need Immediate Assistance?
Give us a call (405) 771-6399
Headquarters
3841 E Danforth Rd, Ste 106, Edmond, OK 73034
110 E. Houston St, 7th Floor, San Antonio, TX 78205
Copyright 2024 - Critical Fault, LLC. | Privacy Policy
