Cyber Hygiene Practices and Tools to Consider
Vulnerabilities are lurking everywhere inside and outside enterprise networks. Security professionals know well that the question is not if a security incident will happen, but when, especially as their company's attack surface continues to become more complex.
Some of the security staples organizations should have include endpoint security, network architecture security, email security and cloud security, each of which is described in more detail below.
What is Endpoint Security?
Endpoints have expanded out from the desktop to mobile devices and on to the IoT and IIoT. Of these, IoT/IIoT security is the least mature because the technologies are relatively new, but it is an essential part of endpoint security. IoT manufacturers have prioritized time to market and product features over security, while IIoT devices may be prone to physical tampering as well as cyberattacks.
More traditional endpoint security elements include:
- URL filtering to prevent employees from visiting potentially malicious websites.
- Antivirus solutions that scan files for viruses and malware.
- Endpoint detection and response, which monitors traffic flowing to endpoints, including applications, files and malware.
- Endpoint encryption which encrypts data stored on the device.
- Patching to remediate known vulnerabilities.
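The URL filtering bullet above glosses over one detail that matters in practice: matching a host against a blocklist has to be done on whole DNS labels, or a blocked domain embedded in a longer hostname slips through while an unrelated domain that merely contains the blocked string is wrongly denied. The following added example (not code from the original article, with a constructed blocklist and constructed test URLs) shows such a filter, including the user-info prefix and trailing-dot edge cases that a naive string comparison gets wrong:

```python
"""Added example: a minimal endpoint URL filter with label-wise domain matching.

Assumptions (not from the page): the blocklist below is a constructed sample,
and the filter sits in front of a browser or proxy that asks "may this request
proceed?" for each URL.
"""
from typing import Optional, Set
from urllib.parse import urlsplit

# Constructed sample blocklist of domains; a real deployment would load a
# threat-intelligence feed instead.
BLOCKED_DOMAINS: Set[str] = {"malware-sample.example", "phish-site.example"}


def normalize_host(url: str) -> Optional[str]:
    """Return the lowercase hostname of a web URL, or None if it is not usable.

    urlsplit() already handles the 'user@host' trick: for
    'http://trusted.example@phish-site.example/' the hostname is the part after
    '@', which is what the browser will actually connect to.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # lowercased, port and brackets removed
    if not host:
        return None
    # 'evil.example.' (trailing dot) names the same zone as 'evil.example'.
    return host.rstrip(".")


def is_blocked(url: str, blocklist: Set[str] = BLOCKED_DOMAINS) -> bool:
    """True if the URL's host is a blocked domain or any subdomain of one.

    Matching is done on whole DNS labels, so a blocklist entry
    'phish-site.example' matches 'login.phish-site.example' but does not
    match 'phish-site.example.evil.test' or 'notphish-site.example', both of
    which a substring check would get wrong.
    """
    host = normalize_host(url)
    if host is None:
        return True  # fail closed: unparsable or non-web URLs do not proceed
    labels = host.split(".")
    # Test the host itself and then each parent domain, one label at a time.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return True
    return False


if __name__ == "__main__":
    for sample in ("https://login.phish-site.example./",
                   "https://phish-site.example.evil.test/",
                   "https://docs.example/"):
        print(sample, "->", "BLOCKED" if is_blocked(sample) else "allowed")
```

The fail-closed choice for URLs the filter cannot parse is deliberate: a URL that the filter cannot classify is one the browser may still interpret, so denying it is the safer default for an enterprise endpoint.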
What is Perimeter Security?
Perimeter security is the most mature of all the security categories. However, as enterprises have learned, a perimeter firewall will not keep all bad actors out, though it remains a necessary element of defense.
Other perimeter cyber security measures include:
- A proxy server that sits between users and the Internet, encrypts data in motion, blocks access to certain web pages, masks the user's identifiers and provides firewall and web filtering capabilities.
- An intrusion detection system that detects suspicious activity.
- An intrusion prevention system that automatically senses and defends against attacks.
- A DMZ that separates the perimeter from internal and external networks.
What capabilities should an organization have for Network Architecture Security?
Two basic things are necessary to ensure network architecture security: a detailed understanding of the network architecture (devices and equipment, network protocols, topologies) and a framework that specifies both technological and non-technological elements, including policies, standards, security controls and incident response protocols.
Here, capabilities should include:
- Asset discovery to understand what makes up the network and is connected to it.
- Identity and Access Management (IAM) to control users' access to assets.
- Network monitoring to identify anomalous behavior.
- Security configuration management to identify misconfigurations, ensure proper configurations, and expedite remediation.
What is Email Security?
Sadly, email is one of the easiest ways to infiltrate an organization. The recent Microsoft Exchange hack is just one example.
An email-based breach may involve social engineering, phishing, spear phishing or malware. Some of the necessary email security capabilities include:
- A secure email gateway that monitors messages for anomalous patterns and blocks suspicious traffic.
- Encryption to keep messages secure.
- Spam filtering to reduce the volume of potentially malicious messages.
- URL blocking to prevent traffic flowing from specific sources.
- Attachment scanning to minimize embedded threats.
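The secure email gateway and attachment scanning bullets describe what such a control looks for but not how. The following added example (not code from the original article; the two messages, the internal domain and the verdict thresholds are constructed assumptions) parses a raw message with Python's standard `email` package and applies a handful of the anomaly checks a gateway would run: look-alike sender domains, executive display names on external addresses, Reply-To mismatches, urgency cues, and executable or double-extension attachments.

```python
"""Added example: gateway-style anomaly checks over a constructed email.

Assumptions (not from the page): INTERNAL_DOMAIN, the sample messages and the
quarantine thresholds are all constructed for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import List

INTERNAL_DOMAIN = "corp.example"  # assumed: the organization's own domain

# Extensions a gateway would typically quarantine rather than deliver.
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd"}

# Constructed sample message exhibiting several common phishing indicators.
SUSPICIOUS_RAW = b"""\
From: "Jane Doe (CEO)" <jane.doe@corp-example.test>
Reply-To: payments@mail-drop.test
To: accounts@corp.example
Subject: Urgent wire transfer
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please process the attached invoice today.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder bytes, not a real executable
--b1--
"""

# Constructed sample of an ordinary internal message.
CLEAN_RAW = b"""\
From: Bob Smith <bob.smith@corp.example>
To: accounts@corp.example
Subject: Lunch menu
Content-Type: text/plain

Sandwiches on Friday.
"""


def _domain(header_value: str) -> str:
    """Lowercase domain of an address like 'Name <user@host>' ('' if none)."""
    _, address = parseaddr(header_value or "")
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def lookalike(domain: str, target: str) -> bool:
    """Crude look-alike test: strip punctuation and compare prefixes, so that
    'corp-example.test' is flagged as imitating 'corp.example'."""
    def strip(d: str) -> str:
        return re.sub(r"[^a-z0-9]", "", d.lower())
    return domain != target and strip(domain).startswith(strip(target))


def analyze_message(raw: bytes, internal_domain: str = INTERNAL_DOMAIN) -> List[str]:
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    from_hdr = str(msg.get("From", ""))
    from_domain = _domain(from_hdr)
    display_name, _ = parseaddr(from_hdr)

    # 1. External sender whose domain imitates ours.
    if from_domain and lookalike(from_domain, internal_domain):
        findings.append(f"lookalike sender domain: {from_domain}")
    # 2. Executive title in the display name while the address is external.
    if from_domain != internal_domain and re.search(r"\b(ceo|cfo|director)\b", display_name, re.I):
        findings.append("executive display name on external address")
    # 3. Replies are routed to a domain other than the sender's.
    reply_domain = _domain(str(msg.get("Reply-To", "")))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain mismatch: {reply_domain}")
    # 4. Urgency language, a classic social-engineering cue.
    if re.search(r"\b(urgent|immediately|wire transfer)\b", str(msg.get("Subject", "")), re.I):
        findings.append("urgency cue in subject")
    # 5. Attachments with executable or double extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in DANGEROUS_EXTENSIONS:
            findings.append(f"dangerous attachment: {name}")
        elif name.count(".") > 1:
            findings.append(f"double-extension attachment: {name}")
    return findings


def gateway_verdict(raw: bytes) -> str:
    """'quarantine' for executable attachments or many indicators, 'flag' for a few, else 'deliver'."""
    findings = analyze_message(raw)
    if any(f.startswith("dangerous attachment") for f in findings) or len(findings) >= 3:
        return "quarantine"
    return "flag" if findings else "deliver"


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("clean", CLEAN_RAW)):
        print(label, "->", gateway_verdict(raw), analyze_message(raw))
```

Each check on its own produces false positives (legitimate newsletters set Reply-To, and real executives do write "urgent"), which is why the verdict combines indicators rather than acting on any single one; an executable attachment is the one indicator treated as sufficient by itself.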
What is Cloud Security?
Many organizations have concluded that the cloud is more secure than their own data center. However, cloud environments are not inherently secure. While basic cloud services may provide minimal security protection, additional value-added services and solutions are required. Cloud providers operate under a shared responsibility model because customers can inadvertently compromise their own security, for example by misconfiguring an AWS S3 bucket. Capabilities from cloud providers and third parties include:
- Cloud perimeter security which protects cloud environments.
- Cloud workload protection monitoring which identifies misconfigurations, issues notifications about misconfigurations and identifies compromised/malicious data.
- IAM to prevent unauthorized access to cloud resources, applications or data.
- Monitoring (users, devices, cloud resources, applications, compliance, threats).
- Encryption and key management.
- DDoS protection.
- Incident detection and response.
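Both the security configuration management bullet in the network architecture section and the S3 bucket example above come down to the same task: inspecting a configuration document for a grant that is wider than intended. The following added example (not code from the original article, nor an AWS tool; the bucket name, account id, VPC endpoint id and ACL grants are constructed placeholders) audits an S3 bucket policy and ACL for public access. It recognizes the forms a public principal takes in IAM policy JSON (`"*"`, `{"AWS": "*"}`, or a list containing `"*"`) and the two public grantee group URIs that AWS defines for ACLs.

```python
"""Added example: detect public-access misconfigurations in an S3 bucket
policy and ACL. All documents below are constructed samples.

Assumption (not from the page): an '*' principal with a Condition block is
treated as scoped and is left for manual review rather than reported here;
a real checker would also evaluate what the condition actually restricts.
"""
import json
from typing import Any, Dict, List

# Grantee group URIs that AWS defines for "everyone" and "any AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed: a policy that makes every object world-readable.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed: a policy scoped to one role plus a VPC-endpoint-restricted grant.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/AppRole"},
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Sid": "VpcEndpointRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}},
        },
    ],
})

# Constructed ACL grant lists in the shape returned by GetBucketAcl.
PUBLIC_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-PLACEHOLDER"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]
PRIVATE_GRANTS = [PUBLIC_GRANTS[0]]


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a scalar or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal: Any) -> bool:
    """True for '*' or {'AWS': '*'} (including a list that contains '*')."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy_doc: str) -> List[Dict[str, Any]]:
    """Return Allow statements that grant actions to everyone unconditionally."""
    policy = json.loads(policy_doc)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):  # scoped by a condition; see module docstring
            continue
        findings.append({
            "sid": stmt.get("Sid", ""),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
        })
    return findings


def find_public_acl_grants(grants: List[Dict[str, Any]]) -> List[str]:
    """Return the permissions granted to a public ACL group."""
    return [g["Permission"] for g in grants
            if g.get("Grantee", {}).get("URI") in PUBLIC_GRANTEE_URIS]


def audit_bucket(policy_doc: str, grants: List[Dict[str, Any]]) -> List[str]:
    """Combine policy and ACL checks into a list of findings for one bucket."""
    findings = []
    for s in find_public_statements(policy_doc):
        findings.append(f"policy statement {s['sid'] or '<no Sid>'} grants "
                        f"{', '.join(s['actions'])} to everyone")
    for perm in find_public_acl_grants(grants):
        findings.append(f"ACL grants {perm} to a public group")
    return findings


if __name__ == "__main__":
    print(audit_bucket(PUBLIC_POLICY, PUBLIC_GRANTS))
    print(audit_bucket(SCOPED_POLICY, PRIVATE_GRANTS))
```

The same walk over `Statement`, `Principal`, `Action` and `Condition` generalizes to any IAM-style resource policy, which is why configuration management tooling tends to implement it once and apply it across buckets, queues and key policies alike.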
Cross-Functional Collaboration and Training
Finally, good cyber security hygiene requires friendly collaboration and training. Some security professionals make a point of talking with organizational leaders and department heads to understand their goals and the technology they think they will need to reach those goals. That way, security can be designed into deployments rather than added as an afterthought. To succeed with this type of collaboration, the security team lead must be seen as an enabler instead of an obstacle.
More fundamentally, everyone in the company should have basic cyber hygiene training since security is only as strong as its weakest link. Such training should include:
- A basic overview of security policies and why they exist.
- Common methods hackers use to breach enterprises (phishing, spear phishing, social engineering).
- What is expected of employees as individuals (passwords, downloads, use of company-owned tech, vigilance, etc.).
- Overview of tools the organization uses which could impact employees' privacy such as behavioral monitoring (work with HR and legal on this).
- The consequences of non-compliance with security policies.
- Whom to contact with questions or to report potential issues.