Cybersecurity Consulting
February 21, 2022
Stay up to date on the latest cybersecurity best practices recommended by the FBI, NSA, and CISA to protect your organization against modern cyberthreats.
Read on to see what’s currently recommended and learn more about how organizations can stay secure.
It is recommended that organizations require multi-factor authentication for all users with no exceptions. This means implementing an additional layer of security for user logins that requires a combination of two or more credentials to verify the identity of the user.
This increases an organization’s security because even if one set of credentials is compromised by bad actors, an unauthorized user will still be unable to access the network without the additional factor.
Setting a strong password and passphrase policy is also recommended to increase security and prevent unauthorized access. Organizations must use strong passphrases that are complex, long, and only used for one account.
Additionally, ensure these passwords and passphrases are stored securely using software designed for that purpose, with appropriate security measures in place.
To secure login credentials and ensure requests and events are monitored for malicious activity, organizations should secure their accounts and enforce access management protocols to prevent misuse of credentials. Here are some best practices to follow:
Enforce the principle of least privilege. Accounts should only have access to the minimum permissions they need in order to fulfill their duties.
Require unique and distinct administrative accounts for different sets of tasks.
Create non-privileged accounts for privileged users, and have them use those accounts for everyday actions like web browsing and email access.
Organizations should use network monitoring tools to identify, detect, and investigate abnormal behavior that could indicate a malicious party, lateral movement, or malware.
Organizations can use endpoint detection and response (EDR) tools to detect these lateral connections as they’ll have insight into the common and uncommon network connections for each host, making it easier to identify connections that don’t belong.
To prevent phishing emails from reaching their end users, organizations should invest in stronger spam filters that block or strip emails carrying executable attachments before they can cause harm.
Additionally, users should be trained to identify and avoid malicious websites, to refrain from opening suspect attachments, and to gain a better overall understanding of the threats lurking in their inbox or online.
Critical infrastructure organizations should implement network segmentation to help separate networks based on role and functionality. This can prevent lateral movement by controlling traffic flows and access to various subnetworks.
Appropriately implemented network segmentation between IT and Operational Technology (OT) networks limits the ability of adversaries to pivot to the OT network even if the IT network is compromised.
Organizations should also organize their OT assets into logical zones and take into account criticality, consequence, and operational necessity. Define the acceptable communication conduits between these zones and deploy security controls to help filter network traffic and monitor communications between zones to identify unwanted actors.
Organizations should always update their software—including operating systems, applications, tools, and firmware on IT network assets—in a timely manner to maintain high security. Prioritize patching known exploited vulnerabilities and critical software.
Consider using a centralized patch management system for OT networks and use a risk-based assessment strategy to determine the OT network assets and zones that should be a part of it.
Additionally, always use the best, most-updated antivirus programs to prevent malware from entering your network.
These programs help track and mitigate emerging threats by reviewing system configurations to find misconfigurations that could lead to security weaknesses and vulnerabilities.
Review your network security device logs and determine which ports and protocols are unnecessary and can be shut off.
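One way to start that review, as an added example that is not part of the original article: aggregate allowed flows from firewall logs by protocol and destination port and flag any service not on a documented baseline. The log lines and the log format are constructed for illustration and do not correspond to any specific vendor.

```python
import re
from collections import Counter

# Constructed sample firewall log lines (not from the original article). The
# key=value syslog-style format is assumed, not any particular vendor's.
SAMPLE_LOGS = """\
2022-02-21T09:00:01Z fw1 action=allow proto=tcp src=10.0.1.15 dst=10.0.2.10 dport=443
2022-02-21T09:00:02Z fw1 action=allow proto=tcp src=10.0.1.15 dst=10.0.2.10 dport=443
2022-02-21T09:00:05Z fw1 action=allow proto=tcp src=10.0.1.22 dst=10.0.2.11 dport=23
2022-02-21T09:00:07Z fw1 action=allow proto=udp src=10.0.1.30 dst=10.0.2.12 dport=161
2022-02-21T09:00:09Z fw1 action=deny  proto=tcp src=203.0.113.5 dst=10.0.2.10 dport=3389
2022-02-21T09:00:12Z fw1 action=allow proto=tcp src=10.0.1.40 dst=10.0.2.13 dport=445
2022-02-21T09:00:15Z fw1 action=allow proto=tcp src=10.0.1.15 dst=10.0.2.10 dport=22
"""

# Services the organization has documented as necessary (assumed baseline).
APPROVED = {("tcp", 443), ("tcp", 22), ("udp", 161)}

LINE_RE = re.compile(
    r"action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+.*?dport=(?P<dport>\d+)"
)

def count_allowed_services(log_text):
    """Count allowed flows per (protocol, destination port); denied flows are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("action") != "allow":
            continue
        counts[(m.group("proto"), int(m.group("dport")))] += 1
    return counts

def find_unapproved(counts, approved):
    """Return allowed (proto, port) pairs absent from the baseline, busiest first."""
    extra = {svc: n for svc, n in counts.items() if svc not in approved}
    return sorted(extra.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    counts = count_allowed_services(SAMPLE_LOGS)
    for (proto, port), n in find_unapproved(counts, APPROVED):
        print(f"review: {proto}/{port} allowed {n} time(s) but not in approved baseline")
```

Each flagged service is a candidate for closure or for being added to the baseline once its business need is confirmed.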
Cybersecurity is always changing and adapting as hackers find new ways to penetrate systems and cause harm to business networks. Organizations should always adhere to the most up-to-date best practices to ensure they are fully protected against cyberthreats.
If you want to learn more about these threats or the cybersecurity solutions that can help you stay secure against them, contact a DOT Security expert today or learn more on our Insights Page.