The world of cybersecurity is constantly inundated with news on the latest data breaches, cybercriminal attack trends, and security measures. And while that information is critical for adapting to the ever-changing nature of cybercrime, it’s also important to pay attention to foundational measures as well. Basic security hygiene still protects against 98% of attacks.
As companies become increasingly reliant on technology and online systems to conduct their business, meeting the minimum standards for cyber hygiene is essential for protecting against cyber threats, minimizing risk, and ensuring ongoing business viability.
Read on to learn what these standards are and how you can begin implementing them in your organization.
Increase your cyber hygiene in 5 steps
- Require phishing-resistant MFA: Enabling multifactor authentication (MFA) can help prevent up to 99.9% of attacks. This is because MFA helps disrupt potential phishing attacks by requiring attacks to crack more than two factors of verification in order to gain access to your system.
However, in order for MFA to be effective, it must be frictionless. Options like device biometrics or FIDO2 compliant factors such as Feitan or Yubico security keys can help increase security without placing an additional burden on employees. Likewise, MFA should be strategically leveraged to help protect sensitive data and critical systems rather than applying it to every single interaction.
Finally, MFA should be easy for end users. Conditional access policies are a great solution here, as they can trigger two-step verification based on risk detections, as well as pass-through authentication and single sign on (SSO). This helps reduce the need for end users to navigate multiple sign-on sequences to access non-critical file shares or calendars on the corporate network as long as their devices are updated. It also eliminates the need for 90-day password resets.
- Apply Zero Trust principles: Zero Trust acts as a proactive, integrated approach to security across all layers of the digital estate. Under the Zero Trust model, every transaction is explicitly and continuously verified; least-privilege access is enforced; and intelligence, advance detection, and real-time threat response become the cornerstones of security.
By adopting Zero Trust, organizations can better support remote and hybrid work, help prevent or reduce business damage from a breach, identify and help protect sensitive business data and identities, and build confidence in your security posture and programs across the enterprise.
- Use modern anti-malware solutions: Threat actors move fast and often seek to go undetected. Extended detection and response tools can help flag and automatically block malware attacks while providing insights to the security operations team. Monitoring these insights from threat detection systems is also essential to being able to respond to threats in a timely fashion. There are multiple stages of implementing a modern anti-malware platform.
First are security automation and orchestration best practices. To start, we recommend moving as much work as possible to your sensors. Focus on deploying sensors that automate, correlate, and interlink findings prior to sending them to an analyst. Similarly, you can automate alert collection and prioritization to help reduce the load on your security operations analysts. We also recommend automating common, repetitive, and time-consuming administrative processes first before standardizing response procedures. Finally, focus on continuous improvement by monitoring key metrics and tuning your sensors and workflows to drive incremental changes.
When it comes to actually preventing, detecting, and responding to threats, integrated extended detection and response (XDR) and security information and event management (SIEM) solutions can help defend against threats across all workloads. Some common risk areas that attackers target include remote access solutions, email and collaboration software, and internet-exposed endpoints. Integrated XDR and SIEM come into play by providing high-quality alerts and minimizing friction and manual steps during response.
- Keep systems up to date: Unpatched and out-of-date systems are a key reason many organizations fall victim to an attack. For example, IoT/OT devices are becoming an increasingly popular target for cybercriminals and botnets. When routers are unpatched and left exposed directly to the internet, threat actors can abuse them to gain access to networks, execute malicious attacks, and even support their operations.
Organizations can help circumvent this risk by following best practices such as applying software patches as soon as they’re released. You should also change default passwords and SSH ports to ensure devices are robust. It’s also important to gain deeper visibility into the IoT/OT devices on your network and prioritize them by risk to the enterprise if they are compromised. You can further reduce your attack surface by eliminating unnecessary internet connections and open ports, restricting remote access by blocking ports, denying remote access, and using VPN services.
- Protect data: Today’s hybrid workspaces require data to be accessed from multiple devices, apps, and services from around the world. With so many platforms and access points, organizations need strong protections against data theft and leakage. A defense-in-depth approach is one way to fortify your data security.
In order to implement this defense-in-depth approach, you must identify your data landscape by understanding where your data lives and how it’s accessed. Along a similar vein, you’ll need to protect your data when it’s at rest and in transit. This is done by accurately labeling, classifying, and tracking the movement of your data.
Once this data is mapped and labeled, you’ll need to manage any user risks or internal threats that can lead to potential data security incidents, and that includes internal threats. This can be done through a combination of the right people, processes, training, and tools. There’s also the issue of data loss and the unauthorized use of data. An effective data loss protection solution should balance protection and productivity by ensuring proper access controls and policies to help prevent the improper saving, storing, or printing of sensitive data.
Finally, as data governance shifts and business teams become the stewards of their own data, organizations must work to create a unified approach across the enterprise. Proactive data lifecycle management can lead to better data security and help ensure that data is responsibly democratized for the user, where it can drive business value.
Although threat actors continue to evolve and grow more sophisticated, simple measures such as enabling MFA, applying Zero Trust principles, keeping systems up to date, using modern anti-malware solutions, and protecting data can help prevent 98% of attacks. To learn more about how you can enhance security within your organization and get the latest threat intelligence, visit Microsoft Security Insider.