Reflecting over the weekend on the Marriott data breach, we thought that it might be helpful to publish 7 things organisations can do to help keep attackers out of their network. While the list is by no means exhaustive, taking these steps will definitely improve your security posture.
- Use 2 factor authentication: Even if you’ve happened to use weak password, and its been disclosed in a breach or you’ve accidentally disclosed it you will be protected from a breach by this second layer of security known as 2FA.
- Never reuse passwords: This is a common way cyber criminals gain access to an organisation – use a password manager which can create secure password and minimise the effects that if your password gets disclosed in one breach. (Visit haveibeenpwned.com for more information on password reuse threats and breaches).
- Be vigilant of phishing emails: Cyber criminals are increasingly trying to dupe users into disclosing sensitive information such as login details for emails and remote network access. If its significant or suspicious then ring the person using a number in your phone book to confirm.
- Software Run and Install Restrictions: Even if the user downloads a malicious file they will not be able to open it. This can be achieved by using active directory group policy, in ‘software restriction policies’ and ‘application control policies’.
- Lockdown Office and Adobe: Disable office Macros from running and enable protected mode which prevent malicious scripts from running. This can be set up in active directory group policy.
- Setup automatic security updates: Organisations will get attacked when they don’t patch, fact! So set up automatic updates on as many devices as possible.
- Firewall Restricting: Lockdown unnecessary ports on all devices and setup IP whitelisting externally ideally just for the intended users or even region. (Check out the difference between White listing and Black listing) There is no reason that other countries and continents even need to see that you have those services exposed.