October is Cybersecurity Awareness Month
Cybersecurity Awareness Month is a global effort to help everyone stay safe and protected when using technology, whenever and however you connect. The theme for the month is “It’s easy to stay safe online” and Winsor Consulting is proud to be a Champion and support this online safety and education initiative this October.
This month is all about Staying Safe Online
All month long, we will be promoting these key behaviors to encourage every employee & organization to take control of their online lives. There are many ways to stay safe and secure online. Even just practicing these cybersecurity basics can make a huge difference:
- Security Assessments
- Using Strong Passwords and Password Management
- Enabling MFA
- Recognize and Report Phishing
- + Even More FREE Content!
The cybersecurity and digital privacy of our clients and employees are of critical importance to Winsor Consulting Group. Throughout the month of October, Winsor Consulting will provide valuable insight to improve your cybersecurity posture and uphold the most secure cybersecurity standards while staying safe online.
We also want to help you, your coworkers, friends, and our community stay safe all year long. We encourage you to sign up as an individual Cybersecurity Awareness Month Champion. After signing up, you’ll receive a care package of free resources, including simple steps you can take to #BeCyberSmart.
Cybersecurity Awareness Month is co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Security Agency (CISA). For more information about ways to keep you and your family safe online, visit https://staysafeonline.org/cybersecurity-awareness-month/ and https://www.cisa.gov/cybersecurity-awareness-month
Day 1. Security Assessments 10/3/2022
We often talk with organizations that are looking to improve their #Cybersecurity posture. The most common question we hear is: “Where do we start?”
Our response: it starts with a security and risk assessment!
There are multiple reasons for this decision. Most importantly, it provides you with a baseline to build off of. Determine where your organization needs improvement, create a roadmap of all outstanding items, and work on improving your security posture! If you are looking to start your cybersecurity journey, reach out to one of our team members about how to get started!
Day 2. Annual Security Awareness Training 10/4/2022
How many times have you received a questionable email that you’ve won something? Perhaps you’ve received one pointing to a free Amazon gift card? Here’s a masterpiece: how about an email from a Nigerian prince who wants to award you with a share of his extensive fortune if you help him claim it? If you’ve been using the internet for a while, you’re probably no outsider to any of these #phishing emails. Cyber threats are not going away anytime soon. In fact, they continue to evolve and become more refined as time goes on. Hackers are constantly changing their tactics, techniques, and procedures (TTP). They also go after greater targets for greater loot.
Nevertheless, it is essential to remember that no company is too big or too small to qualify as hackers’ next target. Small businesses also fall prey to #hackers 43% of the time. Your organization will always be at risk. And your employees are your greatest security risk.
Mitigate that risk with Winsor Consulting’s Annual Security Awareness Training.
Day 3. Password Complexity 10/5/2022
As our reliance on online services and apps continues to grow, it’s more important than ever to better protect your passwords. In 2020, one single computer was able to reach 100,000,000,000 guesses per second. So, what makes a complex password in 2022?
There are multiple techniques that can make passwords complex and secure. While it’s natural to create a password that you can easily memorize and use across the multiple accounts you create, it’s not safe at all. Let’s take a look at some proven methods to increase the protection of your data while remaining convenient & cautious.
Longer Is Better: A brute force attack requires progressively more time the longer your password is. Eleven characters should be your minimum length to use, although 15 or more is more promising.
Never Reuse Passwords: If you reuse passwords, hackers will have access to numerous accounts when they figure out one password.
Don’t Add “Versions” To Passwords: When asked to update a password, many users add the next number in sequence — 2 or two and so on — to the end of it. Hackers know this and account for it in brute force or dictionary attacks.
Utilize Special Characters: Using “#” or “%” in your password may be difficult to remember (see below), but it makes a hacker’s job much more difficult.
Use A Password Manager: There are many passwords used throughout our day. A #PasswordManager such as LastPass, iCloud Passwords, or even Google Chrome’s password tools can help you create, manage & protect your passwords.
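The tips above can be turned into a check that runs when a user changes a password. This is an added example, not part of the original post: the function names and the number-word list are assumptions, the length thresholds are the 11 and 15 characters given above, and the guess rate is the 100,000,000,000 per second figure quoted above.

```python
import re
import string

GUESSES_PER_SECOND = 100_000_000_000  # single-computer rate quoted in the post
MIN_LENGTH = 11         # the post's minimum length
PREFERRED_LENGTH = 15   # the post's preferred length
NUMBER_WORDS = ("one", "two", "three", "four", "five",
                "six", "seven", "eight", "nine", "ten")  # assumed list


def charset_size(password):
    """Size of the alphabet an attacker must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def worst_case_seconds(password):
    """Time to exhaust the keyspace at GUESSES_PER_SECOND.

    Upper bound for randomly chosen characters only; dictionary words
    and predictable patterns fall much sooner.
    """
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND


def strip_version(password):
    """Drop trailing punctuation and a trailing counter ('2', '07', 'two')."""
    stem = password.lower().rstrip(string.punctuation)
    without_digits = re.sub(r"\d+$", "", stem)
    if without_digits != stem:
        return without_digits
    for word in NUMBER_WORDS:
        if stem.endswith(word):
            return stem[: -len(word)]
    return stem


def is_versioned_update(current, new):
    """True when the new password is the old one with a bumped suffix."""
    stem = strip_version(current)
    return bool(stem) and new != current and stem == strip_version(new)


def review(new, current=None):
    """Return findings for a proposed password.

    `current` is the password the user typed on the change form; compare
    in memory at change time rather than storing old passwords in plaintext.
    """
    findings = []
    if len(new) < MIN_LENGTH:
        findings.append("too short")
    elif len(new) < PREFERRED_LENGTH:
        findings.append("below preferred length")
    if not any(c in string.punctuation for c in new):
        findings.append("no special character")
    if current is not None:
        if new == current:
            findings.append("reused")
        elif is_versioned_update(current, new):
            findings.append("versioned")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for old, new in [("Summer2021", "Summer2022"),
                     ("Summer2021", "correct#horse%battery")]:
        years = worst_case_seconds(new) / 31_557_600
        print(new, review(new, old), f"{years:.3g} years worst case")
```

At the quoted rate an eight-character lowercase password is exhausted in about two seconds, while fifteen lowercase characters take centuries, which is the reason for the length advice above.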
Day 4. MFA For Everything External 10/6/2022
Have you seen the length of #cyberliability insurance applications these days? 4-5 years ago you could get a policy while answering hardly any questions. Unfortunately, insurance companies got wind that #cyberattacks are on the rise! The applications consist of a lot of new requirements, but the one we’re going to focus on today is #MultiFactorAuthentication!
Multi-factor Authentication isn’t a new technology by any means, though it is one of the most important and easily implemented programs. Whether it’s a regulatory requirement or #cyberinsurance, everyone is being required to start enforcing #MFA.
Our recommendation is to start with all externally facing access (VPN, 365, etc.), then all privileged accounts, and local workstation access. If you have MFA enabled on all of these, you’re at least going to make the bad guys’ job more difficult. You can also check that box on the cyber liability application confidently. We’re sure you don’t want to give the big insurance companies additional reasons to deny a claim!
Day 5. Password Management 10/7/2022
Are you one of the people who’ve memorized all your passwords, but the only reason you remember them is that you only change the number at the end from 1 to 2? That’s not good… Have you ever seen someone with a sticky note with all of their passwords on it? Yikes, not a good idea. How about: “I’ll save them on my computer because I need a password to get to my spreadsheet.” Likewise, not the greatest idea.
What if there was a solution that allows you to save your passwords and generate very #complexpasswords? Plus, you don’t have to remember any of them besides ONE!
That solution is a #PasswordManager! Now obviously, you still need to make this system secure, so refer to our previous post’s advice and make sure your password manager is only accessible by an intricate password AND #MultifactorAuthentication!
Day 6. Inventory Control & Asset Management 10/10/2022
So you’ve gone through your initial security assessment and are putting together your roadmap, how do you actually put these new solutions in place?
Depending on what framework you are using for guidance, there are similarities with your first steps. If you’re following the CIS 18, or the Center for Internet Security, the first two controls are Asset Inventory and Software Inventory. Within the #NIST Cybersecurity Framework, the very first domain is “Identify”.
In order to properly secure your organization while following the subsequent domains or controls within your #cybersecurity framework, you have to KNOW what you have and where these #assets are located. We want to be able to properly Protect, Detect, Respond, and Recover with #securitysolutions, but this is completely irrelevant if you don’t know what assets to implement these solutions on!
Whether you are going old school with a notepad locked in a filing cabinet, a password-protected Excel spreadsheet, or an enterprise-grade inventory software solution, you are starting in the right direction! Take the information from your #securityassessment and make sure you have a list built of ALL company-owned hardware assets along with company-approved software applications.
This can help identify rogue devices that are connected to the network and you can create a plan going forward. As it relates to software, once you have the inventory management created, you can create security controls and implement #SaaS solutions to prevent employees from installing software that your organization doesn’t authorize!
Day 7. Privilege Access Management 10/11/2022
If you’ve been following along you know that we’ve talked about things like Password Complexity and Multi-Factor Authentication, some of which are required by cyber liability insurance.
One item that we have been addressing lately is users being local administrators on their workstations. Now, if this IS something that your organization allows, please reference back to our fourth post and make sure that you have all users locked down by #MFA! Nonetheless, there are better options available and not allowing users to be local admins is our recommendation.
What are the reasons for this? A lot of #malware and #ransomware can be disguised as an executable within a download. If the user can’t do that without approval, it greatly decreases the chance of an incident. Plus, do we really want “Leo Gee” in sales (names changed for obscurity) to be able to download any application he wants on his machine, or better yet changing system settings? I sure don’t! That’s going to make Software Asset Management pretty difficult! (see our last post 😉)
There are downsides that some might complain about when removing these privileges… Taking away user freedom to perform their own upgrades/downloads of course and more importantly more need for IT interaction. A user would have to put in a ticket or call IT every time they need to type in the admin credentials.
Surprise! We can help with Privilege Access Management solutions! There are many tools out there to use and Winsor has a couple of different options. By using these tools you can automate a lot of the approval process. We would allow the software to learn about your environment along with custom configurations by our technical staff to allow specific applications to be downloaded or updated. If you use Adobe, 365, Quickbooks, etc., we can whitelist these applications so they don’t need admin approval. On top of that, any application that is attempting to run will automatically go to the help desk and get approval or rejection within a short time frame. All without ever having to remote into the user’s machine.
There is a lot more to discuss as it relates to #PAM tools, application whitelisting, and ringfencing so if you’re interested please reach out to us to answer any questions you have!
Day 8. Mobile Device Management 10/12/2022
Can your employees access company information on their mobile devices? Hopefully, if you’ve been following along, these connections are locked down by #MFA! However, there are other concerns to have as it relates to company data on mobile devices.
There are a few things you need to determine as you’re addressing this, what data is accessible from mobile devices and how are employees allowed to use that data? Do they have their company email on their phone? How about your company’s instant-message platform? Are they authorized to share information outside of your organization’s applications (personal email, personal texting, etc.)? Even if they are not allowed, do they have the ability to do this?
If you are looking for a solution to these issues, the best recommendation would be to use a Mobile Device Management (MDM) platform!
Features of #MDM include:
– Application management
– Preventing data from being shared out of organization applications
– Disallowing screenshots of your organization’s applications
– Remotely wiping company data (from departed employees or devices)
When deploying #MobileDeviceManagement you can put into place security controls and #policies that will better protect your organization from leaked data or #employeedatacompromise. If you have questions or want to learn more about how this solution could help your #securityposture, reach out to us!
Day 9. Role-Based Access Control 10/13/2022
Yesterday we mentioned (briefly) the risks of leaked data from an #EmployeeDataCompromise. Of course, #MDM can offer security-based solutions that prevent employees from sharing files outside of your organization or screenshotting sensitive information. Regulating these things can be invaluable, but what do you have safeguarding your most important and critical operational software?
Role-Based Access Control (RBAC), otherwise known as #RoleBasedSecurity, is a system access control mechanism that requires assigning permissions and privileges to approved users to grant them access.
#RBAC is used by most big companies to give their employees different levels of access depending on their positions and responsibilities. This protects sensitive data and ensures that employees have only the information and activities they need to complete their jobs. You can assign a user the roles of administrator, expert, or end-user, and restrict their access to certain resources or tasks.
This all depends on a number of factors. Some employees may be authorized to create and alter files, while others may only be permitted to view them, and some may not be able to view them at all! At the end of the day, each employee should only have access to what they need for their job. Period.
Day 10. External Media Restrictions 10/14/2022
As many businesses are aware, there is ever-growing flexibility in the workplace. Employees no longer work on a single workstation in a fixed location. #RemoteWork is increasing rapidly, and that requires tools to transfer files and documents efficiently while remaining secure.
An employee may wish to work on a report from home and then bring it into the office to finalize and send it to a client. In this scenario, the easiest method for an employee is to use removable media to transfer the document to their corporate machine. But with this comes many risks.
Enforcing External Media Restrictions or a Removable Media Policy defines the organization’s stance on removable media and the expectations of users. For example, if the organization identifies the use of removable media as too much of a risk to manage securely, the stance may be on a “default deny” or “allow by exception” basis. There are technical security controls that can be put into place that will only allow you to use specific external media devices as designated by the company. With this, you can “whitelist” individual serial numbers and ONLY allow those devices that are owned and distributed by the organization.
Users should be informed and properly trained on the risk of using removable media, and the expectations of managing removable media securely. Ensure your antivirus or #EDR solution is set up to automatically scan any external media device that is connected to your machine. If your security awareness training has failed you and your user decides to plug an unknown storage device into their machine, you have peace of mind knowing these controls are in place to protect and detect!
Day 11. Encryption 10/17/2022
When you were a young child did you and your friends have any code words, or secret languages, or use pig Latin to try to confuse your parents or teachers? “Ofyay oursecay ouyay idday!” You might not have known it, but you were using a form of #encryption!
Encryption, what is it and why is it essential for cybersecurity?
By definition, encryption is the process of “encoding” information. Taking information that is in its original form (plaintext) and converting it into an alternate form (ciphertext). Just as you did when you were a kid using pig Latin!
There are many uses for encryption, many of which are required by regulatory bodies or cyber liability insurance.
The first is encryption for laptops and mobile devices (phones and tablets): if a device gets lost or stolen, make sure you are managing encryption on these devices! Encryption on your backups is also very important, and make sure your keys to decrypt are stored in a safe location offline! The last one I’ll touch on is encryption for emails you are sending with sensitive information. This will allow only the person with a passcode on the other end of the email to access the information! There’s a lot more we can talk about here, so if you have any questions please reach out!
Day 12. Patch Management 10/18/2022
Building a strong #cybersecurity program for your organization has a lot of similarities to owning a home. Most people probably have locks on their doors and windows, roofs over their houses, garage door openers, smoke alarms, CO2 detectors, and nowadays even cameras that detect any sort of movement.
Now all of these things are important, don’t get me wrong, but none of them matter too much if you have a hole in your roof or a window that is broken out. Since most people don’t want rodents or criminals in their houses, you’re probably going to reach out to a contractor to repair these issues.
How does this tie into cybersecurity, you might ask? PATCH MANAGEMENT! Every day, similar to your house, your systems can become vulnerable to cyber rodents and criminals. You can have ALL of the best cybersecurity tools out there, but not patching and updating your organization’s systems would be the equivalent of having a state-of-the-art home security system but forgetting to put doors on the hinges. Unpatched systems are just that, a wide-open door to your network, so you need a rock-solid patch management plan to keep your software, operating systems, and firmware up to date!
Now there are many ways to do this internally, however, using a company like Winsor will take that worry completely off your plate. Let our automated tools and dedicated team handle all of your patch management needs and much more!
Day 13. Vulnerability Management 10/19/2022
Now that you have a formal Patch Management program in place (refer to the previous post) you are feeling pretty good about your security, right? You’ve repaired the roof, put a new steel door on the front of the house, and secured the windows. However, how do you keep these issues from happening again?
Much akin to the “Home scenario”, these vulnerabilities will continue to come to light as time goes on. Cybercriminals aren’t just giving up because Microsoft forced out a new cumulative update! They are constantly attempting to break down the doors and find new holes in your network. As the cybersecurity industry adapts and evolves, so do the criminals!
With a Vulnerability Management program, you can set yourself and your organization up for increased success in defending yourself against bad actors. This consists of an ongoing process of monitoring, scanning, mitigating, and remediating vulnerabilities. There are a variety of services and tools out there to assist with this!
If you don’t have a formal process for #VulnerabilityManagement and don’t know where to begin, here’s our suggestion: have a #cybersecurity company such as Winsor perform a baseline Vulnerability Assessment to find out where you’re starting from. Once you have established this, we would create a roadmap to start remediating the vulnerabilities. If you are doing this on your own, start with the low-hanging fruit first. Cheap, quick wins that can get you started! Never feel the need to go it alone.
Day 14. Test Replication & Backups 10/20/2022
So far we are two-thirds of the way through #CybersecurityAwarenessMonth and have posted about a lot of very important security controls and concepts. Today’s, however, might be one of the most important.
When it comes to #cybersecurity, most people just think about protection or possibly detection. Keeping the bad guys out and being notified when there is an issue is indeed important, don’t get me wrong.
Nonetheless, what happens when an organization DOES have a serious incident? Have you gone through all of the different scenarios of disasters that could strike your systems? What do you do if you are a victim of #ransomware, a natural disaster, or there is a serious fire that takes out your server room? Having a disaster recovery plan is very important to understand what the response will look like in these scenarios. One of the most important parts of this plan is your backup solution.
Many companies utilize #backupsolutions for their data, though there are important questions that should be answered!
- What data is being backed up? Is it just file-level backups of everything on the server or do you have image-level replication?
- Are your backups hosted locally on a NAS device or are they going offsite? Where are they going offsite?
- Are your backups encrypted? Where are the encryption keys stored? *Note: Hopefully not in Active Directory!*
- Lastly, are you testing your backups regularly? Do you perform a full disaster recovery test or are you just pulling down a file now and then to make sure they are there?
Day 15. Incident Response Planning 10/24/2022
In Thursday’s post, we talked about #Backups, #Replication, and Disaster Recovery. You should have a Disaster Recovery Plan for your organization that you test regularly.
What else do you need to be prepared for in the event of an incident or breach? The best place to start is with an Incident Response Plan (IRP)! An IRP is a documented set of instructions or procedures that will help your organization detect, respond to, and limit the damage from malicious attacks.
With Incident Response Plans you should document the processes that will work with your organization’s business processes. Once this is documented, every department should be trained on what the process is following various incidents. If someone gets ransomware on their machine, what are the steps they should follow after discovering this? When someone clicks on a malicious email, what do they do? If a data breach is discovered, who is contacting the lawyer, the insurance company, or the State’s Attorney’s office?
These are all items that should be addressed in your incident response plan. Once you have this in place, the best way to test it and train your employees is through Table Top Exercises. Sit down, whether it’s company-wide or department-wide, and treat the exercise like it’s a real incident. Review all the numerous scenarios that could take place within the incident response plan and make sure everyone in your organization is prepared for anything!
Day 16. Endpoint Detection & Response 10/26/2022
By now you’re probably asking ‘What more could there be!?’ Trust us, there’s plenty more.
Now that we’ve covered what you should do to be properly, and adequately, prepared for a #CyberAttack or #DataBreach, what else can you do to prevent one from happening? You have your basic #AntiVirus installed, you’ve taken #Backups of your network, and all your software is up-to-date thanks to #PatchManagement… What do you do to monitor your devices? What’s keeping tabs on them 24/7?
#EDR software is a cybersecurity solution that monitors and analyzes endpoint data in real-time to discover and prevent malicious attacks. An endpoint is any device that sends or receives data on a network. You use these devices every day:
• Internet of Things (IoT) devices like refrigerators, cameras, and thermostats
Endpoint detection and response solutions #WorkCollaboratively with other #Cybersecurity solutions, such as firewalls, anti-malware software, and user/entity behavior analytics platforms, to provide a comprehensive, protective barrier between malicious actors and your priceless assets. With these systems in place, you’re able to keep track and monitor for ANY ‘sus’ activity or files. Get with one of our team members and we can help you implement an even more secure safeguard on your network!
Day 17. Security Information & Event Management 10/27/2022
With the world going digital and cyberattacks turning wild, effective #cyberdefense is essential for paving the way to safety. Whether it’s the safety of an organization’s data or its stature, the right cyberdefense processes protect it all.
Security information and event management, or SIEM for short, is a #Cybersecurity Solution that helps organizations detect, analyze, and respond to security threats before they harm business operations.
SIEM combines both security information management (SIM) and security event management (SEM) into one security management system. This technology collects event log data from a range of sources, identifies activity that deviates from the norm with real-time analysis, and takes appropriate action.
TLDR: SIEM gives organizations visibility into activity within their network so they can respond swiftly to potential cyberattacks and meet compliance requirements. Ask us how we can get you hooked up with the most secure network tools!