I’m finding that as I get older, my memory is starting to slowly fail me. You know that feeling when you walk into a room, and can’t remember what you came in there for? I know it’s not a unique experience, but it’s still pretty frustrating. Writing things down is helping, though. And in that same vein I wanted to write down a list of “do it now!” things that security practitioners shouldn’t forget.
Maybe some of these are already commonplace for you—if so, that’s great! But often in my conversations with customers I discover that their security team has never done one—or any—of these things. So, before you start your next security project, make sure you cross all of these off your list first.
1. Back up your Active Directory servers. Folks, the number of organizations that have to rebuild their AD after a ransomware incident is downright heartbreaking. Don’t assume that “someone’s doing it.” Your domain controller is likely one of the most critical machines in your environment. Know that snapshots alone aren’t sufficient. Microsoft offers guidance on doing a full backup of an AD server. Read up on the process, make a backup, and then test your restore to make sure it works!
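As an added illustration of that item (this is example code, not something from the original post or from Microsoft’s guidance), the following PowerShell takes a System State backup of a domain controller with the built-in Windows Server Backup feature and then checks two things people tend to skip: that the job actually succeeded, and how old the newest good backup is relative to the forest’s tombstone lifetime, since a System State backup older than the tombstone lifetime cannot be used to restore a DC. The backup target volume (E:) is an assumption; point it at a dedicated backup volume that is not the DC’s system disk.

```powershell
# Added example, not from the original post. Run elevated on a domain controller.
# Takes a System State backup with Windows Server Backup, confirms it succeeded,
# and reports how long the backup stays usable for an AD restore.
#Requires -RunAsAdministrator
Import-Module ServerManager
Import-Module ActiveDirectory

$BackupTarget = 'E:'   # assumption: a dedicated backup volume, not the system disk

# 1. Make sure the Windows Server Backup feature is present before using its module.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}
Import-Module WindowsServerBackup

# 2. Build a one-off System State policy. System State covers the AD database
#    (NTDS.dit), SYSVOL, the registry and boot files, which is what a DC restore needs.
$policy = New-WBPolicy
Add-WBSystemState -Policy $policy
$target = New-WBBackupTarget -VolumePath $BackupTarget
Add-WBBackupTarget -Policy $policy -Target $target
Start-WBBackup -Policy $policy

# 3. Verify the result instead of assuming "someone's doing it" worked.
$summary = Get-WBSummary
if ($summary.LastBackupResultHR -ne 0) {
    throw ("Last backup failed (HRESULT 0x{0:X8}, detail 0x{1:X8})" -f `
        $summary.LastBackupResultHR, $summary.LastBackupResultDetailedHR)
}

# 4. Compare backup age with the tombstone lifetime. If the attribute is unset the
#    forest uses the legacy 60-day default; newer forests default to 180 days.
$dse      = Get-ADRootDSE
$dsConfig = Get-ADObject ("CN=Directory Service,CN=Windows NT,CN=Services," + $dse.configurationNamingContext) `
            -Properties tombstoneLifetime
$tombstoneDays = if ($dsConfig.tombstoneLifetime) { $dsConfig.tombstoneLifetime } else { 60 }
$ageDays = ((Get-Date) - $summary.LastSuccessfulBackupTime).TotalDays

"Last successful System State backup: {0} ({1:N1} days old)" -f $summary.LastSuccessfulBackupTime, $ageDays
"Tombstone lifetime is {0} days; this backup remains usable for restore for about {1:N0} more days" -f `
    $tombstoneDays, ($tombstoneDays - $ageDays)
```

The restore test the item calls for is a separate step: boot a copy of the DC into Directory Services Restore Mode on an isolated network and run `wbadmin start systemstaterecovery` against the version shown by `wbadmin get versions`, then confirm the domain comes up and replication-related services start. Never rehearse the restore on the production DC.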
2. Run a vulnerability scan. Maybe you trust your patch management solution—most don’t, but maybe you’re lucky! There are good reasons to run a scan anyway—one, because dealing with vulnerabilities in your environment isn’t simply about installing patches. Lots of other issues can be present on your assets that aren’t solved with a software update. Two, you may want to ensure that your patching solution isn’t misreporting failures. There may be breakdowns in your patching process that could come back to bite you. Check out Tenable, Rapid7, and Qualys—all CBTS partners!
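The second reason in that item, patch tooling that quietly misreports, is easy to sanity-check on a single machine before a full scan. The script below is an added example, not from the original post or from any of the vendors named. It compares a list of KBs your patch console claims are installed (a constructed sample here; replace it with an export from your tool) against what the host itself reports, asks the Windows Update agent which software updates it still considers missing, and flags a pending reboot, since an update is not effective until the machine restarts.

```powershell
# Added example, not from the original post. Cross-checks a patch console's
# "installed" list against the local host to catch silent patching failures.

# Constructed sample standing in for an export from your patch-management console.
$ReportedInstalled = @('KB1234567', 'KB2345678', 'KB3456789')

function Test-PatchReporting {
    param([string[]]$ClaimedInstalled)

    # Get-HotFix reads the local servicing history for OS and component updates
    # (it does not cover every product, so treat a hit as strong evidence, not proof).
    $locallyInstalled = (Get-HotFix).HotFixID

    $notFoundLocally = $ClaimedInstalled | Where-Object { $_ -notin $locallyInstalled }

    # Ask the Windows Update agent what it still thinks is missing. Requires a
    # reachable WSUS/Windows Update source; failures are reported rather than hidden.
    $stillMissing = @()
    try {
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        $result   = $searcher.Search("IsInstalled=0 and Type='Software'")
        $stillMissing = @($result.Updates | ForEach-Object { $_.Title })
    } catch {
        $stillMissing = @("Windows Update search failed: $($_.Exception.Message)")
    }

    # Two well-known registry markers for a pending reboot.
    $rebootPending = (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') -or
                     (Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        ClaimedButNotLocal  = $notFoundLocally
        StillMissingPerWUA  = $stillMissing
        RebootPending       = $rebootPending
    }
}

$report = Test-PatchReporting -ClaimedInstalled $ReportedInstalled
$report | Format-List

# Anything in ClaimedButNotLocal or StillMissingPerWUA is a discrepancy worth
# taking to the vulnerability scan results and to the patch tool's job logs.
```

Run it on a handful of hosts the console marks as fully patched; if the discrepancy lists are non-empty, your scan results and your patch reports disagree and the scan is the one to believe until you find out why.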
3. Roll out multi-factor authentication for your webmail, remote desktop, and VPN systems. Yes, we know this one isn’t as easy as flipping a switch. But it’s also not as monumental an effort as you might be picturing in your head, either. Plenty of easy-to-deploy MFA solutions—Duo, Okta, Microsoft, NetIQ, and Yubico (all CBTS partners)—are available for organizations of all sizes and technical capabilities, from physical keys (the most secure) to OTP tokencodes delivered by apps or hardware tokens, client certificates, push notifications from MFA apps, and of course, SMS-delivered tokencodes (the least secure but still viable). The absolute easiest way for an attacker to get into your network or data today is to steal credentials from an employee via social engineering, and reuse them, and MFA helps mitigate that risk. It’s worth the work.
4. Perform simulated phishing. This helps work the other angle highlighted in the previous item: human misbehavior. At no point are your employees more attentive to security training than after they realize they’ve failed a phishing simulation. It is a fantastic opportunity to correct their behavior and train them for future attacks, as well as gauge your user base’s susceptibility to phishing so that you can improve overall training efforts. Check out Proofpoint, Cofense, and LivingSecurity for some great simulation options—all CBTS partners!
5. Find your risk inventory. Your security leaders should have one. If you’re the security leader, and you don’t, well, it’s time to write one! No need to be fancy—simply fire up your favorite text editor and start listing the things that keep you up at night! Then, arrange them in order of priority, and start building a list of countermeasures. This rudimentary effort can birth a formal risk management practice, in which you gather input from stakeholders, establish more granular prioritization, and document current and future efforts to mitigate the risks. For a more approachable, step-by-step guide, check out NIST’s Risk Management Framework.
If that list seems daunting, feel free to enlist us to help! CBTS’ security team can assist with objective solution selection and design, consulting, assessment, and managed security services.