Cyber Security: 5 steps to start securing your company
Nowadays, cyber security is a hot topic. Naturally, nobody wants to be a victim of a hacker or a virus. But how do you start securing your company? Our very own System Engineer and expert, Jo Lambrecht, will take you through the different steps you should take in securing your company.
1. Awareness - Business management
The fact that you are reading this case is a good start. It is important that your management is aware of the different impacts a successful attack or virus could have on your company’s business. These impacts are of course different for each company, which is why a complete inventory of all vulnerable assets is crucial. This takes us to the next step, but before that, it is also necessary to be aware of the measures that might need to be taken. These measures could naturally have an impact on your budget and resources, but also on the policies implemented within your company.
So, now that you are aware of the possible impact, you might wonder what you need to secure in order to be protected against attacks and viruses. Well, the answer is quite simple. Every asset that has a network connection, or that is (in)directly connected to a device with a network connection, could be a possible target. More specifically: servers, UPS, PDU connected to a gateway, SCADA systems, and so on.
Having an up-to-date and complete asset list or device list is very important. Additional information such as vendor info (SN), network settings (IP, VLAN, …), access, et cetera can be very helpful.
3. Set priorities
You may ask yourself now: “Where do I start?” The answer will depend on three things: the needs of your business, which actions have already been implemented and which asset is the most vulnerable.
By assigning priorities and risks, you will get a good overview of what to tackle first, even if this changes during the project.
4. Action plan
As you might already have noticed, this will be a long-term implementation. Starting with a good analysis of the risks, the impact, the costs, and the technical implementation will already point you in the right direction.
As mentioned in step 3, the actions to implement and the priorities assigned can be very different for each company. Below are some actions you should consider:
Disaster recovery plan & business continuity
Security is an important part of the battle against cybercrime. Unfortunately, some breaches will only be noticed when it is already too late. Being prepared for the worst will help you limit the costs of data loss and downtime in case of a breach.
Therefore, your disaster recovery plan should be based on the amount of data loss and downtime that is acceptable for the company. To make sure the plan will work when you need it, regular business continuity tests are a must.
User rights, policies & training
We have all heard of them: crypto lockers, phishing mails, viruses, malware, and so many more. They are very well known in today’s world of information technology. Every company tries to secure itself against them with, for example, a firewall, antivirus and spam filtering. But is this enough?
What if a user works from home, where he is not protected by the most sophisticated firewall? What if a user opens a phishing mail in his personal mailbox without a spam filter? What if a user plugs an infected USB flash drive into his company laptop?
Because of the possibility of human error, the user remains the favorite target of a hacker. Therefore, strict user policies (password policies, multi-factor authentication, BYOD restriction, …) in combination with training will create awareness and will help reduce the success rate of an attack.
Furthermore, restricting access to the minimum that is needed will limit damage in the worst-case scenario. However, this can have an impact on a user’s routine, and implementing these policies and restrictions might require change management.
Network policies & segmentation
Securing your network with a decent firewall, including Threat Prevention (IDS/IPS, malware, …), is a logical step. However, this firewall will only allow and block what you tell it to.
My advice to you is to start by blocking everything and only allow what is necessary. To be able to block and filter requests, your traffic will have to pass through your firewall. That is why segmentation of your network is so important. Not only will it improve security through network filtering on your firewall, it will also allow you to control your traffic between subnets and reduce broadcasting.
A well-known segment is the DMZ. It is a subnetwork which allows access to a service or app from an untrusted network (i.e. the internet) without exposing the rest of your company's LAN.
So, defining policies, levels of trust, master data, et cetera will be an important step to get and maintain a secure network.
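The "block everything, allow only the necessary" approach and the DMZ segment described above, sketched as an added example that is not part of the original article: a first-match rule base with an implicit deny, plus an audit that flags rules telling the firewall to allow too much. The zone names, subnets and rules are constructed assumptions.

```python
import ipaddress

# Constructed segments for illustration (assumed addressing, not from the article).
ZONES = {
    "lan": ipaddress.ip_network("10.0.10.0/24"),
    "dmz": ipaddress.ip_network("10.0.20.0/24"),
}

# Rule base: (source zone, destination zone, destination port, action); "any" is a wildcard.
RULES = [
    ("internet", "dmz", 443, "allow"),  # published web service in the DMZ
    ("lan", "dmz", 443, "allow"),
    ("lan", "internet", 443, "allow"),
    ("dmz", "lan", "any", "allow"),     # deliberate mistake: DMZ may reach the whole LAN
]

def zone_of(ip):
    """Map an address to its segment; anything unknown is the untrusted internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def decide(src_ip, dst_ip, port, rules=RULES):
    """First matching rule wins; no match means deny (block everything by default)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_port, action in rules:
        if r_src in (src, "any") and r_dst in (dst, "any") and r_port in (port, "any"):
            return action
    return "deny"

def audit(rules=RULES):
    """Flag allow rules with a wildcard or that let a less trusted zone into the LAN."""
    findings = []
    for rule in rules:
        r_src, r_dst, r_port, action = rule
        if action != "allow":
            continue
        if "any" in (r_src, r_dst, r_port):
            findings.append((rule, "wildcard in allow rule"))
        elif r_dst == "lan" and r_src != "lan":
            findings.append((rule, "less trusted zone can reach LAN"))
    return findings
```

Running `audit()` on the sample rule base reports the DMZ-to-LAN rule, which is exactly the kind of entry that undoes the isolation the DMZ is meant to provide.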
Having a secure network is one thing, keeping it that way is another. Not only are hackers becoming smarter, but changes in your policies, rule base, access rules and whatnot might also have been implemented incorrectly, giving hackers the chance to intrude.
Continuous actions on a regular basis will help you to remove errors and to keep your infrastructure secure. Some actions you should take are:
- Business continuity tests
- Preventive maintenance
- Hardware renewal
Unfortunately, the perfect tool for cyber security is not on the market yet. Cyber security is more than just adding some security features to your infrastructure. It is a company culture that needs to be implemented and maintained constantly.
Some solutions have been discussed in this paper, but besides those, there are still other options, for example data protection (ISO27001), SOC, penetration testing and many more. It is now up to you, your company’s management, and the technical staff to make these important decisions and take action.