NCSAM: Are You Prepared for Today’s Threats?

Last week, we gave an overview of what we plan to cover as part of National Cybersecurity Awareness Month (NCSAM). Today, we’ll dive in on the first step of the process: prepare and prevent.

Staying secure requires you to continuously prepare environments for potential threats, deploying new preventive technologies and controls to keep threats out. Today, we’ll talk about this process.

Preparing for the current threat environment

It’s not an overstatement to say the way we work has changed dramatically this year. While remote work has long been [ital]possible[/ital] for businesses, now, it has increasingly become the norm. If the industry has been sounding the drumbeat on the death of the perimeter for years, this should turn the volume of that drumbeat to 11. Many of the old fundamentals still apply, but some technologies and controls need updating.

• Vulnerability assessments: Part of the planning phase involves performing vulnerability assessments for your customers. Try running a vulnerability scan against the networks for which you’re responsible. Even a basic scanner can often help you root out things you wouldn’t normally find, like default passwords on devices or unpatched software.
• Identity and access management: When working with a new client, make sure users can only access the data and systems they need for their jobs. Once you have them up and running, try to audit access and permissions on a regular basis. Permissions can grow organically out of control if you don’t check in from time to time. Implementing this least-privilege principle limits the amount of data someone could steal, encrypt, or delete if they compromise an account (or if an insider attacks).
• Password security and multifactor authentication (MFA): Related to the previous point, set strong password rules and processes to prevent account takeovers. The easiest way to do this involves offering a password manager as a service to your customers, allowing users to automatically generate strong, unique passwords for the services they use. Even if you don’t, try to get users to change their passwords for mission critical services at least once a quarter. Finally, for higher risk accounts or data, introduce multifactor authentication (MFA) when accessing important resources, particularly when working offsite.
• Application gateways: With so many people working offsite, you’ll want to keep them from accessing sensitive corporate resources from a potentially insecure connection. Traditionally, VPNs have been the primary way of dealing with this. However, as organizations have had to support more workers outside the office, the industry has seen a number of vulnerabilities in VPNs crop up (and criminals have taken notice). Instead, you may want to try using an application gateway. Application gateways give you more control over who can access data and systems on the network. VPNs often grant access to a large portion of the network; an application gateway allows you to more finely tune access on a need-to-use basis, helping you better enforce a zero trust framework.
• Enlist the end users: Now that most employees work from home, you have less visibility into their security. They connect to home networks that may not be secure, and which often have dozens of devices connected to a single router, each representing a foot in the door. Security training is a must under any conditions, but it’s particularly important now. Make sure to get them to use caution when receiving emails (especially since we saw an uptick in email scams when the pandemic first started). Also, remind customers to set strong passwords on their home routers and on any devices connected to the network—including personal laptops and any IoT devices. It’s worth reminding them, too, to double check both their devices’ passwords [ital]and[/ital] any administrator pages for those devices. People rarely think to double check their home router’s administrator page, often leaving a default password and giving criminals an easy way onto their home networks.
• Pay attention to physical security: While many employees still work from home, some offices have opened and many workforces will have to contemplate a return-to-office plan. So don’t neglect physical security for your customers. You may not have a ton of control here, but it’s worth making sure you have an inventory of all company-issued devices, advise companies to be careful around keycard access, and make sure employees know to not let non employees into the building unsupervised.
• Patch regularly: Finally, make sure you’re patching on a regular basis. Set a schedule and try to patch critical systems often, especially for urgent security updates. While you likely already do this, you may need to expand the scope of the systems you regularly patch. Remote work has expanded what systems should be considered “mission critical”; make sure your patch policies cover the full breadth of important systems.

Staying prepared

Today’s post focused on laying the groundwork for a secure environment. While this certainly helps when you take on a new customer at the moment, it’s worth double checking on many of these tips for your existing customers. If there’s an area you can improve, there’s no better time to do it than during National Cybersecurity Awareness Month.