Securitas: Cybersecurity information from Juris Fabrilis

The items below are components of our cybersecurity and data protection programs. These programs have been assembled over the last 12-18 months and tested hard for ease of use, effectiveness and thoroughness. Each of the items below is important in hardening your systems and reducing your attack surface.

DNS Filtering

DNS filtering gives you visibility into internet usage across your systems and limits access to unsafe sites.  Most defensive controls inspect inbound traffic only; DNS filtering adds a layer between the user and the internet that blocks outbound connections to known malicious domains (malware distribution, phishing pages, ransomware command-and-control) and, with category or reputation scoring, to newly registered or otherwise suspicious domains that no signature yet covers.  Keep in mind that it only sees name lookups: a connection made straight to an IP address, or DNS carried over HTTPS/TLS to a third-party resolver, bypasses the filter unless those paths are blocked as well.
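The following is an added example, not code from the original page or from Juris Fabrilis: a policy-enforcing DNS resolver in miniature. It shows how a blocklist entry for a zone catches every subdomain beneath it, how an allowlist overrides a false positive, why blocked queries are answered with a sinkhole address rather than an error, and how each decision is logged (that log is where the usage visibility comes from). The domain names, IP addresses, categories and upstream answers are constructed for illustration; the two public DNS-over-HTTPS resolver names are real and are listed because clients that reach them bypass the filter.

```python
# Added example (not from the original page): a policy-enforcing DNS resolver in miniature.
# Names, addresses and categories below are constructed for illustration.

SINKHOLE = "0.0.0.0"   # blocked queries answer with an unroutable address, not an error

# Blocklist entries: an exact host name, or a zone with a leading dot that covers the apex
# and every subdomain under it.
BLOCKLIST = {
    ".evil-downloads.example": "malware",
    "login-verify-bank.example": "phishing",
    ".c2-beacon.example": "ransomware-c2",
    # Well-known public DNS-over-HTTPS endpoints: a client that reaches these bypasses the
    # filter, so block the names here (and the resolver IPs at the firewall).
    "dns.google": "encrypted-dns-bypass",
    "cloudflare-dns.com": "encrypted-dns-bypass",
}
ALLOWLIST = {"trusted.evil-downloads.example"}   # explicit override for a false positive

# Stand-in for upstream recursion so the example runs offline (constructed answers).
UPSTREAM = {
    "www.example.com": "93.184.216.34",
    "intranet.example": "10.0.0.5",
    "cdn.evil-downloads.example": "198.51.100.200",
    "trusted.evil-downloads.example": "198.51.100.201",
}

def normalize(qname):
    return qname.lower().rstrip(".")

def classify(qname):
    """Return the blocklist category for qname, or None. Walks up the parent zones so that
    'cdn.evil-downloads.example' is caught by the '.evil-downloads.example' entry."""
    name = normalize(qname)
    if name in ALLOWLIST:
        return None
    if name in BLOCKLIST:
        return BLOCKLIST[name]
    labels = name.split(".")
    for i in range(len(labels)):
        zone = "." + ".".join(labels[i:])
        if zone in BLOCKLIST:
            return BLOCKLIST[zone]
    return None

def resolve(qname, log):
    """Answer a query: sinkhole blocked names, otherwise forward upstream.
    Every decision is logged; None models NXDOMAIN from upstream."""
    category = classify(qname)
    if category is not None:
        log.append(f"BLOCK {normalize(qname)} category={category}")
        return SINKHOLE
    answer = UPSTREAM.get(normalize(qname))
    log.append(f"ALLOW {normalize(qname)} -> {answer}")
    return answer

if __name__ == "__main__":
    log = []
    for q in ["www.example.com", "cdn.evil-downloads.example", "DNS.GOOGLE.",
              "trusted.evil-downloads.example"]:
        resolve(q, log)
    print("\n".join(log))
```

A real deployment does the same thing with threat-intelligence feeds in place of BLOCKLIST and with real recursion in place of UPSTREAM; the parent-zone walk and the allowlist override are the parts that matter.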

SPF, DKIM & DMARC

Sender Policy Framework (SPF) is an email authentication mechanism that lets a domain owner publish, in a DNS TXT record, the list of mail servers authorized to send mail for that domain.  When a message arrives, the receiving server looks up the SPF record of the domain in the SMTP envelope sender (the MAIL FROM / Return-Path address, not the visible From: header) and checks whether the connecting IP address is on that list.  If it is not, the SPF check fails, and the receiver may reject the message or treat it as spam, depending on the record's closing qualifier (-all for fail, ~all for softfail).

DomainKeys Identified Mail (DKIM) is an email authentication method that ties a message to a domain with a digital signature. The sending server signs selected headers and the body with a private key and adds a DKIM-Signature header; the receiver fetches the matching public key from DNS (at selector._domainkey.domain) and verifies the signature, which shows that the message was authorized by that domain and was not altered in transit. Because spoofing mail from trusted domains is a staple of phishing campaigns, DKIM makes such spoofing harder for domains that sign their mail.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) builds on SPF and DKIM to protect your domain from spoofing. A DMARC record (a TXT record at _dmarc.yourdomain) tells receivers to check that at least one of SPF or DKIM passes and that the passing identifier is aligned with the domain in the visible From: header, and what to do when neither does: p=none (monitor only), p=quarantine, or p=reject. It also asks receivers to send aggregate reports (the rua tag), so the domain owner can see who is sending on its behalf. DMARC therefore removes the guesswork from a receiver's handling of failed messages and limits users' exposure to fraudulent and harmful mail.
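To make the SPF and DMARC checks above concrete, here is an added example (not code from the original page or from Juris Fabrilis) that evaluates a simplified SPF record for a connecting IP and then applies DMARC alignment to the result. It goes one step beyond the text by showing the case DMARC exists for: a phisher who has a perfectly valid SPF record for their own domain still fails DMARC because the envelope domain is not aligned with the spoofed From: header. The DNS records, addresses and domains are constructed and served from a local table rather than real lookups; only the ip4, ip6, include and all mechanisms are modelled, and the organizational-domain rule is simplified to the last two labels.

```python
import ipaddress

# Added example (not from the original page). The DNS records below are constructed; a real
# receiver would fetch them with TXT lookups. Only ip4/ip6/include/all are modelled
# (the a, mx, exists and redirect= mechanisms are omitted).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "attacker.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(client_ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for the connecting IP (RFC 7208, simplified)."""
    if depth > 10:                     # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = DNS_TXT.get(domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        matched = False
        if term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            matched = addr.version == net.version and addr in net
        elif term.startswith("include:"):
            matched = check_spf(client_ip, term[8:], depth + 1) == "pass"
        elif term == "all":
            matched = True
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                   # nothing matched and there was no 'all' term

def org_domain(name):
    """Organizational domain, simplified to the last two labels (real DMARC uses the Public Suffix List)."""
    return ".".join(name.lower().split(".")[-2:])

def dmarc_evaluate(header_from, mail_from, client_ip, dkim_domain=None, dkim_valid=False):
    """Return (spf_result, dmarc_pass, policy). DMARC passes when SPF or DKIM passes AND the
    passing identifier's domain is aligned (relaxed mode) with the visible From: domain."""
    from_domain = header_from.split("@")[1]
    mail_from_domain = mail_from.split("@")[1]
    spf = check_spf(client_ip, mail_from_domain)
    spf_aligned = spf == "pass" and org_domain(mail_from_domain) == org_domain(from_domain)
    dkim_aligned = bool(dkim_valid and dkim_domain
                        and org_domain(dkim_domain) == org_domain(from_domain))
    record = DNS_TXT.get("_dmarc." + org_domain(from_domain), "")
    policy = "none"
    if record.startswith("v=DMARC1"):
        tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
        policy = tags.get("p", "none")
    return spf, spf_aligned or dkim_aligned, policy

if __name__ == "__main__":
    # Legitimate mail from an authorized server: SPF passes and is aligned.
    print(dmarc_evaluate("ceo@example.com", "bounce@example.com", "203.0.113.7"))
    # Spoofed From: header sent with the attacker's own, valid SPF: SPF passes for
    # attacker.example but is not aligned with example.com, so DMARC fails and p=reject applies.
    print(dmarc_evaluate("ceo@example.com", "bounce@attacker.example", "192.0.2.1"))
```

The second call is the one to study: SPF on its own says "pass", and only the alignment check exposes the spoof. DKIM verification itself (fetching the public key and checking the signature) is represented by the dkim_valid flag, which a real receiver would compute from the DKIM-Signature header.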

Multi-factor Authentication (MFA/2FA)

MFA, often called two-factor authentication (2FA), is a security enhancement that requires you to present two or more independent pieces of evidence when logging in to an account. Each factor falls into one of three categories: something you know (a password or PIN), something you have (a smart card, hardware token or authenticator app), or something you are (a fingerprint or face). The factors must come from different categories to add real security, so entering two different passwords is not multi-factor. Factors also differ in strength: one-time codes sent by SMS or generated by an app can be phished or relayed in real time, whereas FIDO2/WebAuthn security keys bind the login to the legitimate site and resist phishing.

Anti-Virus, Anti-Malware and Endpoint Detection & Response (EDR)

Antivirus software, or anti-virus software, is a program used to prevent, detect, and remove malicious code.  Traditional antivirus scans files as they are written, opened or downloaded (and, in gateway products, as they pass through network traffic) and compares them against a vendor-maintained database of signatures for already-known viruses and malware, then flags, quarantines or removes the matches.  Because a signature only covers what has already been seen, it is critical to maintain licensed, up-to-date antivirus software as part of an overall security strategy.

Anti-malware software protects against the same threats under a more modern name that covers every kind of malicious software, including viruses, trojans, spyware and ransomware (ransomware is one class of malware, not a separate thing).  Beyond signatures, anti-malware detects threats by heuristic and behavioural analysis, looking for suspicious actions such as a process encrypting many files in quick succession, so it can stop infections that no signature yet describes.  It can block an infection and remove infected files, but it is not equipped to restore files that malware has already encrypted, changed or replaced; that is what tested backups are for.  It is critical to maintain licensed, up-to-date anti-malware software as part of an overall security strategy.

Endpoint Detection and Response (EDR) finds and stops hidden threats that slip past preventive tools by adding a layer of managed detection and response.  An agent on each endpoint records process, file, network and registry activity, and analysts or automated rules use that telemetry to detect, analyze and respond to persistent footholds, ransomware and other hard-to-detect activity, for example by isolating the host or killing the offending process.  With proactive threat hunting layered on top, EDR is the 'last line of defense' that minimizes risk when other security barriers fall short.
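The difference between signature-based antivirus and behaviour-based detection is easiest to see side by side. The following is an added example, not code from the original page or from Juris Fabrilis. The signature scanner matches a file by hash and by byte pattern, and a one-byte change to the sample shows why hash signatures alone are brittle. The behavioural scanner runs two EDR-style rules over an endpoint event stream: deletion of volume shadow copies (a common ransomware precursor) and a burst of file renames to a new extension by a single process. The sample file is the EICAR test string; the event records, process names and paths are constructed.

```python
import hashlib
from collections import defaultdict

# Added example (not from the original page): signature detection next to behavioural
# detection. The signature set, paths and event records are constructed.

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
KNOWN_BAD_SHA256 = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
BYTE_PATTERNS = [(b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE", "EICAR-Test-File (pattern)")]

def signature_scan(data):
    """Classic antivirus: exact hash match first, then byte-pattern match.
    Misses anything not already catalogued; a one-byte change defeats the hash."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return KNOWN_BAD_SHA256[digest]
    for pattern, name in BYTE_PATTERNS:
        if pattern in data:
            return name
    return None

def _ext(path):
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""

def behavioral_scan(events, window=60, rename_threshold=5):
    """EDR-style detection: judge what a process does, not what its file hashes to.
    events: (unix_ts, pid, image, operation, detail). Two rules:
      - shadow-copy-deletion: 'vssadmin delete shadows', a common ransomware precursor
      - mass-file-rename: >= rename_threshold extension changes by one pid within `window` s"""
    alerts = []
    rename_times = defaultdict(list)
    for ts, pid, image, op, detail in events:
        if op == "process_create":
            cmd = detail.lower()
            if "vssadmin" in cmd and "delete shadows" in cmd:
                alerts.append((pid, image, "shadow-copy-deletion"))
        elif op == "file_rename":
            src, dst = detail.split(" -> ")
            if _ext(src) != _ext(dst):
                recent = [t for t in rename_times[pid] if ts - t <= window] + [ts]
                rename_times[pid] = recent
                if len(recent) == rename_threshold:   # fire once, as the threshold is crossed
                    alerts.append((pid, image, "mass-file-rename"))
    return alerts

def respond(alerts):
    """The 'response' in EDR: the set of pids to terminate (and whose hosts to isolate)."""
    return {pid for pid, _, _ in alerts}

# Constructed event stream: one benign Office save, then ransomware-like behaviour.
EVENTS = [
    (1000, 4242, "winword.exe", "file_write", "C:/Users/a/Documents/report.docx"),
    (1001, 4242, "winword.exe", "file_rename",
     "C:/Users/a/Documents/~tmp.tmp -> C:/Users/a/Documents/report.docx"),
    (1010, 5151, "updater.exe", "process_create", "vssadmin.exe delete shadows /all /quiet"),
] + [
    (1011 + i, 5151, "updater.exe", "file_rename",
     f"C:/Users/a/Documents/file{i}.xlsx -> C:/Users/a/Documents/file{i}.xlsx.locked")
    for i in range(6)
]

if __name__ == "__main__":
    print(signature_scan(EICAR), signature_scan(EICAR[:-1] + b"#"), signature_scan(b"hello"))
    alerts = behavioral_scan(EVENTS)
    print(alerts, respond(alerts))
```

The benign Word save also renames a file to a new extension, which is why the rename rule needs a threshold and a time window rather than firing on a single event; tuning those two numbers against normal activity is most of the work in a real deployment.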

3rd Party Spam Filtering

Third-party spam filtering blocks phishing, spam, malware, viruses, ransomware and other malicious email in an advanced yet easy-to-use hosted system that sits in front of your mail server.  Since 99% of inbound threats come through email, these filters reduce the opportunities for failure by eliminating the threat before it ever reaches an end-user mailbox.

Dark Web Monitoring

Dark web exposure is one of the first indicators that an employee or company is at risk, because stolen credentials are one of the most common ways attackers gain initial access.  Dark web monitoring provides a 'canary in the coal mine' for your security program by reporting when your domain's accounts appear in breach dumps or criminal marketplaces, giving you the opportunity to reset those passwords and enforce MFA before the criminals use them.

O365 Tenant Rules & Monitoring

Microsoft continues to promote Office 365 (Microsoft 365) security as a major topic, but it does not turn on all of the necessary security and business features by default.  Microsoft recommends additional configuration to harden the tenant, including MFA for every user, dedicated admin accounts kept separate from day-to-day accounts, and user training.  Continuous monitoring rules, fed by the tenant's unified audit log, can alert administrators when an inbox forwarding rule is created, a password is changed or an external forwarding address is set, so that unwanted changes are recognized and reversed quickly.  Conditional Access policies in Azure Active Directory (now Microsoft Entra ID) can go further and block sign-in attempts from named locations outside the borders of the United States.  These items should be configured and then reviewed regularly to confirm they still work as intended.
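One of the monitoring rules described above, written out: detect mail-forwarding changes that send a user's mail outside the tenant, the classic sign of a compromised Microsoft 365 mailbox. This is an added example, not code from the original page or from Juris Fabrilis. The audit records are constructed in the simplified shape of Exchange Online unified audit log entries (Operation, UserId, ClientIP and a Parameters list of Name/Value pairs); the operation and parameter names follow the real log, while the users, IPs and destination addresses are invented. Severity is raised when the rule also deletes the message or carries a one-character name, two habits of attackers who want the rule to go unnoticed.

```python
# Added example (not from the original page): a monitoring rule over Exchange Online audit
# records. Records are constructed in the simplified shape of unified audit log entries;
# field and operation names follow the real log, values are invented.

INTERNAL_DOMAINS = {"example.com"}
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                     "ForwardingSmtpAddress", "ForwardingAddress"}
WATCHED_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules", "Set-Mailbox"}

AUDIT_LOG = [
    {"CreationTime": "2024-05-01T08:02:11", "Operation": "New-InboxRule",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.5",
     "Parameters": [{"Name": "Name", "Value": "Archive"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},
    {"CreationTime": "2024-05-01T03:14:09", "Operation": "New-InboxRule",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.77",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "bob.backup@gmail.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2024-05-01T09:30:00", "Operation": "Set-InboxRule",
     "UserId": "carol@example.com", "ClientIP": "203.0.113.5",
     "Parameters": [{"Name": "RedirectTo", "Value": "carol.assistant@example.com"}]},
    {"CreationTime": "2024-05-01T03:20:41", "Operation": "Set-Mailbox",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.77",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:bob.backup@gmail.example"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2024-05-01T10:00:00", "Operation": "Set-MailboxAutoReplyConfiguration",
     "UserId": "dave@example.com", "ClientIP": "203.0.113.5", "Parameters": []},
]

def _address(value):
    """Parameter values look like 'user@domain' or 'smtp:user@domain'; return the bare address."""
    return value.split(":", 1)[-1].strip().lower()

def external_forwarding(records):
    """Flag rule or mailbox changes that forward mail outside the tenant; one finding per record."""
    findings = []
    for rec in records:
        if rec["Operation"] not in WATCHED_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in rec["Parameters"]}
        targets = [_address(v) for k, v in params.items() if k in FORWARDING_PARAMS]
        external = [t for t in targets if t.split("@")[-1] not in INTERNAL_DOMAINS]
        if not external:
            continue
        severity = "medium"
        # Attacker tradecraft: delete the forwarded copy so the victim never sees it, and give
        # the rule an inconspicuous one-character name such as "." or ",".
        if params.get("DeleteMessage") == "True" or len(params.get("Name", "rule")) <= 1:
            severity = "high"
        findings.append({"time": rec["CreationTime"], "user": rec["UserId"],
                         "operation": rec["Operation"], "client_ip": rec["ClientIP"],
                         "targets": external, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in external_forwarding(AUDIT_LOG):
        print(finding)
```

Carol's redirect to a colleague inside the tenant is deliberately not flagged; a rule that alerts on every forward drowns the two that matter. In production the same logic runs against the export of Search-UnifiedAuditLog or the audit feed in your SIEM, and the ClientIP in the finding is what you compare against Conditional Access named locations.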

Security Policies

A password policy is a set of rules designed to improve security by requiring users to choose strong passwords and handle them properly. It is usually part of an organization's official policies and is taught as part of security awareness training.  The policy should cover Active Directory, Microsoft 365 and every other system that holds a password, and should follow NIST SP 800-63B and general best practice: a minimum length, screening of new passwords against lists of breached and commonly used values, MFA wherever it is available, and prompt changes when there is evidence a password has been compromised rather than forced changes on a fixed calendar, which NIST no longer recommends.
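The NIST SP 800-63B rules just mentioned are simple enough to implement directly. The following is an added example, not code from the original page or from Juris Fabrilis: a verifier-side check that normalizes the candidate, enforces a minimum length, rejects values found in a breached-password list or built from the username or service name, rejects repetitive and sequential strings, and imposes no composition rules. The BREACHED set is a constructed stand-in for a real corpus of hundreds of millions of leaked passwords; the length bounds are the 800-63B minimums and a generous upper cap.

```python
import unicodedata

# Added example (not from the original page): a password check following NIST SP 800-63B.
# BREACHED is a constructed stand-in for a real breached-password corpus.
BREACHED = {"password", "123456", "qwerty", "letmein", "welcome1", "summer2023", "password1"}

def _repetitive_or_sequential(s):
    """'aaaaaaaa', '12345678', 'abcdefgh' and their reverses: cheap to guess, so reject them."""
    if len(set(s)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})

def check_password(candidate, username="", service="", min_len=8, max_len=128):
    """Return the list of reasons for rejection; an empty list means the password is accepted.
    Per SP 800-63B: normalize with NFKC, enforce a minimum length, allow spaces and all
    printable characters up to a generous cap, screen against breached/common values and
    context-specific strings, and impose no composition rules (no 'one digit, one symbol')."""
    pw = unicodedata.normalize("NFKC", candidate)
    low = pw.lower()
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    if len(pw) > max_len:
        reasons.append("too long")
    if low in BREACHED:
        reasons.append("appears in breached-password list")
    for ctx in (username, service):
        if ctx and ctx.lower() in low:
            reasons.append(f"contains '{ctx}'")
    if pw and _repetitive_or_sequential(low):
        reasons.append("repetitive or sequential")
    return reasons

if __name__ == "__main__":
    for pw in ["correct horse battery staple", "Password", "12345678", "jsmith-2024!!"]:
        print(repr(pw), "->", check_password(pw, username="jsmith") or "accepted")
```

The NFKC step is easy to overlook: a full-width "ｐassword" typed from a non-Latin keyboard normalizes to "password" and is correctly caught by the breach list, where a byte-for-byte comparison would let it through.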

An acceptable use policy (also called an acceptable usage policy or fair use policy) is a set of rules applied by the owner, creator or administrator of a computer network, website or service that restricts the ways in which the network, website or system may be used and sets guidelines for how it should be used.  Acceptable use can include an email policy, remote access policy, password policy and many others.

Data Security Training

End-user security training means raising awareness among staff members, who are easy targets for attackers. Anyone who uses the internet daily can inadvertently give an attacker access to your company's sensitive data, so end users need proper training to spot and avoid these threats in the first place.  Training staff and raising awareness about the types of security threats that target them directly should be near the top of every security investment.  Such training increases your employees' ability to keep the organization secure and to keep up with system updates, company policies and new threats. Staff who recognize these dangers and know how to report and handle a security incident will head off many cyber-attacks.

Phishing Training

90% of data breaches start with a phishing email, and security awareness training that includes phishing simulation can reduce your organization's chance of experiencing a cybersecurity disaster by up to 70%.  Regular, evolving security and phishing awareness training educates employees about the threats they face and encourages lasting behavior change.  Preparing employees for the inevitable attack, whether they are working in the office, on the road or from home, shores up security, provides peace of mind, and produces the documentation that compliance frameworks ask for.

Cyber Insurance Questionnaire Review

Cyber insurance generally covers your business's liability for a data breach involving sensitive customer information such as Social Security numbers, credit card numbers, account numbers, driver's license numbers and health records.  This coverage is often excluded from a general liability policy.  Policies differ widely in their endorsements, conditions and coverage, and insurers increasingly require the controls listed on this page (MFA, EDR, backups, training) on their application questionnaires, so the questionnaire should be answered accurately and reviewed against what is actually deployed, since a misstatement can void a claim.  Cyber insurance is an inexpensive way to cover the cost of major incidents that arise from weaknesses in network, personnel and general IT security.