10 September 2019

Do you Cybersecure?

  • By Loïc Calvez
  • POSTED IN Technology
  • With 0 COMMENTS
  • BLOG POST TYPE

Top 5 things you should be doing to keep out of trouble:

  1. Patch [everything]
  2. Layer [you defenses]
  3. Backup [all your data]
  4. Train [your people]
  5. Enable [your people to succeed by giving them the right tools]

 

In more details:

Patch everything

Patches are the manufacturers way to tell you they found a problem that needs fixing. Always apply all patches to all devices by following a simple process: test, deploy and verify. Just keeping everything up to date will avoid you loads of trouble: many of the successful recent attacks leveraged security vulnerabilities for which patches had been available for weeks (or even months!).

 

Layer you defenses:

Don’t be a single trick pony. Hoping that the local antivirus on your PC will save you is so 2010… The two main attack vectors are web and email, the malware agent on your devices is the last bastion in case all else fails. 

Email: You need a solution that leverages multiple layers of defense: basic signature scanning to get rid of the low level attacks efficiently, sandboxing technology to execute/detonate the workload in a safe environment to detect zero day malware and advanced heuristic to identify phishing and spoofing attacks.

Firewall: You need a Next Generation Firewall that can marshal the connections, but that can also inspect the content of the traffic (ideally also within encrypted traffic).

 

Backup all your data

Well, sh*t happens. Sometimes, even when you do everything right, you may end up needing to recover. So what is a proper backup? One you can restore when all hell breaks loose. So it needs to be valid (aka you have tested it), it needs to also be offsite (in case something happens to the physical building and it needs to be air gaped (some new variants of ransomware are getting very good at deleting backups before they lock out your environment, make sure you backups are protected).

 

Train your people

Technology is the easy part. Successful attacks now target humans, not devices (don’t click that link!). You need to help your people ask themselves the right questions and take the right actions. Cybersecurity awareness training and phishing simulations can help.

 

Enable your people to succeed by giving them the right tools

Humans are crafty creatures, people have a job to do and if you do not provide them with the right solution, they will find one on their own (and you probably won't like it). Make sure you give them the tools they need, cloud storage to backup their files and exchange data, instant messaging so they can get the answer they need when they need it and an email systems that give them additional information on the emails they get to make better decisions on if they should open that file or click that link.

 

As always, we are here to help you, contact us for more information.