Guest Column | June 27, 2016

Protect Yourself From Cybercrime: 6 More Best Practices To Implement Now

Cybercrime Prevention

By Christopher Camejo, Director of Threat and Vulnerability Analysis, NTT Com Security

As discussed in Part 1, most companies have by now at least a basic awareness of the need to take action to reduce their vulnerability to cybercrime and to prepare for the possibility that they will suffer a cyberattack. In that article, we outlined six of our 12 best practices for addressing and responding to cyber risks. In Part 2, we will discuss the remaining six.

  1. Segment Your Network
    Many breaches originate in one part of a network where attackers gain entry through an exposed vulnerability, then spread across the network as the attackers use their initial foothold to scan for other vulnerable machines behind the security perimeter. This is made possible by the lack of internal security perimeters that would keep the more commonly exploited internal systems away from the areas that hold sensitive data. It is critical to implement a network infrastructure that allows different functional areas to enforce their own data and access requirements and ensures that data exchanged between segments is properly scrutinized. Each network segment's internal perimeter should align with a functional area and reflect the data sensitivity and access requirements of that area. Admin accounts are a favorite target of attackers, so system administration functions must be conducted from specific subnets and segregated networks. This enables granular control of who may perform these actions and from which authorized segments they may originate.
     
  2. Malware Protection Process
    Based on our analysis over the past few years, we estimate signature-based anti-virus solutions catch only 46 percent of viruses. So, while signature-based anti-virus solutions are an essential first line of defense, they cannot stop malware threats on their own. This is significant because malware is a common tool used in initial attacks, often exploiting a combination of technical and human vulnerabilities through phishing or drive-by download attacks. Malware also increases its survivability by disabling anti-virus solutions.

    To combat this, it is essential for organizations to complement anti-virus solutions with technologies that monitor and scrutinize network and email traffic for signs of malware-related malicious activity such as command and control communications — with these processes also applied to mobile and user-owned devices. Investing in both host-based and network-based detection and quarantine capabilities, for example, greatly increases the chances of detecting intrusions.
     
  3. Manage User Privileges
    Phishing attacks regularly attempt to harvest users' credentials so the attacker can use them against the network. Every user should be given access to only those areas of the network required to perform their specific job function, and the provisioning process should be tied to HR records so that privileges are adjusted whenever a user's role changes or the user leaves. Of particular note are admin and other accounts that can change system configurations, including installing potentially unauthorized software. Companies must also monitor all user activity and all access, or attempted access, to sensitive data for potential signs of a breach.
     
  4. Establish Social Media Ground Rules
    Given their widespread popularity, social media platforms have become a primary path for criminals to gather information about the employees and networks they want to target, or to distribute malware directly, and most employees access social media at work or when remotely connected to corporate networks via mobile devices. Protecting the organization from this threat requires setting clear rules on acceptable use of social media in the office and on secure use outside it, and making users aware of the types of information that could pose a risk to the company if posted. These policies must be properly communicated, with violations potentially addressed through disciplinary action.
     
  5. Perform Third-Party Security Assessments
    Rather than waiting for attackers to expose vulnerabilities or ineffective network monitoring, companies can engage specialized third-party consultants to conduct penetration testing to find and analyze vulnerabilities. We recommend that this be performed at least annually. Using the same tactics as real attackers, including phishing, physical infiltration of facilities, Internet searches for leaked passwords or sensitive data, and direct technical attacks against exposed systems, these tests allow organizations to proactively identify and address weaknesses. Custom applications are of particular concern because they often contain vulnerabilities that are hard for scanners to detect automatically but that attackers can readily find and exploit. Penetration testing goes beyond the basic vulnerability scans organizations should already be conducting by actually attempting to exploit vulnerabilities and capture sensitive data, and it is a key part of a robust information security program.
     
  6. Formalize Risk Management
    The final step in cybercrime protection is to establish, maintain and enforce a formal process for risk management. Ideally, this should be based on an internationally recognized standard such as ISO 27001, which exists to help organizations objectively manage their risks.

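Item 1 above describes segmenting the network and confining administrative access to dedicated subnets. The following added example, written for this page and not taken from the author or from NTT Com Security, models a segmented network as a default-deny policy between hypothetical segments (the segment names, CIDRs, rules and port list are all assumptions) and audits whether any administrative port is reachable from a segment other than the admin subnet:

```python
"""Added example: model a segmented network as default-deny between segments
and audit admin-port exposure. Segments, CIDRs, rules and ports are hypothetical."""
import ipaddress
from dataclasses import dataclass

# Hypothetical functional segments, each with its own internal perimeter
SEGMENTS = {
    "users": ipaddress.ip_network("10.10.0.0/16"),   # workstations
    "web":   ipaddress.ip_network("10.20.0.0/24"),   # public-facing web tier
    "db":    ipaddress.ip_network("10.30.0.0/24"),   # sensitive data
    "admin": ipaddress.ip_network("10.99.0.0/24"),   # jump hosts / admin workstations
}

# Ports used for system administration; should be reachable only from "admin"
ADMIN_PORTS = frozenset({22, 3389, 5985, 5986})


@dataclass(frozen=True)
class Rule:
    src: str          # source segment name
    dst: str          # destination segment name
    ports: frozenset  # destination ports; an empty set means any port
    action: str       # "allow" or "deny"


# Inter-segment policy, first match wins; anything unmatched is denied
POLICY = [
    Rule("admin", "web", frozenset({22}), "allow"),
    Rule("admin", "db", frozenset({22}), "allow"),
    Rule("users", "web", frozenset({443}), "allow"),
    Rule("web", "db", frozenset({5432}), "allow"),
]


def segment_of(ip):
    """Return the segment name containing ip, or None if it is in no segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, port, policy=POLICY):
    """Decide whether src_ip may reach dst_ip:port under the segment policy."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False          # unknown address space: deny
    if src == dst:
        return True           # intra-segment traffic is not filtered by this model
    for rule in policy:
        if rule.src == src and rule.dst == dst and (not rule.ports or port in rule.ports):
            return rule.action == "allow"
    return False              # default deny between segments


def audit_admin_exposure(policy=POLICY):
    """List (src_segment, dst_segment, port) for every admin port that an
    allow rule exposes to a segment other than 'admin'."""
    findings = []
    for rule in policy:
        if rule.action != "allow" or rule.src == "admin":
            continue
        exposed = ADMIN_PORTS if not rule.ports else rule.ports & ADMIN_PORTS
        findings.extend((rule.src, rule.dst, p) for p in sorted(exposed))
    return findings


if __name__ == "__main__":
    print(is_allowed("10.10.5.5", "10.20.0.10", 443))   # users -> web HTTPS
    print(is_allowed("10.10.5.5", "10.30.0.10", 5432))  # users -> db directly
    print(audit_admin_exposure())                        # clean policy
    # A sloppy "any port" rule from users to web also opens SSH and RDP on the web tier
    sloppy = POLICY + [Rule("users", "web", frozenset(), "allow")]
    print(audit_admin_exposure(sloppy))
```

The audit function is the part worth keeping around: run it against a policy export whenever a rule changes, and treat any finding as a regression of the "admin only from the admin subnet" requirement.
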
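Item 2 calls for scrutinizing network traffic for command and control communications. As an added example that is not code from the article, the following script runs one simple beaconing heuristic over a few constructed proxy log lines: a client that contacts the same host repeatedly at near-constant intervals is flagged, while ordinary browsing to the same site is not. The log format, hostnames and addresses are invented for the example.

```python
"""Added example: flag beacon-like connections in proxy logs.
Log format, hosts and addresses are constructed for this example."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: "<ISO timestamp> <client ip> <destination host> <bytes>"
LOG_LINES = [
    "2016-06-20T10:00:00 10.10.5.5 update-check.example.org 412",
    "2016-06-20T10:00:10 10.10.5.5 www.example.com 18233",
    "2016-06-20T10:00:15 10.10.5.5 www.example.com 2210",
    "2016-06-20T10:01:00 10.10.5.5 update-check.example.org 409",
    "2016-06-20T10:02:01 10.10.5.5 update-check.example.org 415",
    "2016-06-20T10:03:00 10.10.5.5 update-check.example.org 411",
    "2016-06-20T10:05:15 10.10.5.5 www.example.com 90211",
    "2016-06-20T10:05:27 10.10.5.5 www.example.com 1034",
    "2016-06-20T10:04:00 10.10.5.5 update-check.example.org 410",  # out of order on purpose
    "2016-06-20T10:05:02 10.10.5.5 update-check.example.org 414",
    "2016-06-20T10:06:00 10.10.5.5 update-check.example.org 408",
    "2016-06-20T10:07:00 10.10.5.5 update-check.example.org 413",
    "2016-06-20T10:20:27 10.10.5.5 www.example.com 55120",
    "2016-06-20T10:21:07 10.10.5.5 www.example.com 733",
    "2016-06-20T10:21:14 10.10.5.5 www.example.com 4021",
    "2016-06-20T10:30:00 10.10.7.7 www.example.com 6000",
    "2016-06-20T10:31:00 10.10.7.7 www.example.com 6000",
]


def parse_line(line):
    """Split one log line into (timestamp, client, host, bytes)."""
    ts, client, host, nbytes = line.split()
    return datetime.fromisoformat(ts), client, host, int(nbytes)


def find_beacons(lines, min_hits=6, max_cv=0.10):
    """Return one finding per (client, host) pair whose connection gaps are
    nearly constant: at least min_hits connections and a coefficient of
    variation of the inter-connection gap no greater than max_cv."""
    seen = defaultdict(list)
    for line in lines:
        ts, client, host, _ = parse_line(line)
        seen[(client, host)].append(ts)

    findings = []
    for (client, host), times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()  # logs are not guaranteed to arrive in order
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({"client": client, "host": host, "hits": len(times),
                             "interval_s": round(mean, 1), "cv": round(cv, 3)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(LOG_LINES):
        print(finding)
```

Real implants add jitter, so in practice the threshold is loosened and combined with other signals (rare destination, fixed request size, off-hours activity); the point of the example is that the host-based anti-virus never has to fire for the network side to notice a periodic callback.
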
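Item 3 ties user privileges to HR records. The following added example, not the author's code, reconciles a constructed HR roster with a constructed directory group export and reports leavers who are still provisioned, accounts with no HR record at all, and users holding groups beyond what their role is entitled to, singling out groups that can change system configuration. The roles, groups, entitlements and names are assumptions.

```python
"""Added example: reconcile HR records with directory group membership.
Roster, groups, roles and names are constructed for this example."""

# Constructed HR roster: username -> (employment status, job role)
HR_ROSTER = {
    "alice": ("active", "dba"),
    "bob":   ("active", "sales"),
    "carol": ("terminated", "dba"),
    "dave":  ("active", "helpdesk"),
}

# Constructed directory export: username -> groups currently held
DIRECTORY_GROUPS = {
    "alice":      {"staff", "db-admins"},
    "bob":        {"staff", "crm-users", "db-admins"},  # moved from DBA to sales, never cleaned up
    "carol":      {"staff", "db-admins"},               # left the company, still provisioned
    "dave":       {"staff", "helpdesk"},
    "svc-backup": {"staff", "domain-admins"},           # no HR record at all
}

# Groups each role is entitled to (assumed least-privilege baseline)
ROLE_ENTITLEMENTS = {
    "dba":      {"staff", "db-admins"},
    "sales":    {"staff", "crm-users"},
    "helpdesk": {"staff", "helpdesk"},
}

# Groups that can change system configuration or install software
PRIVILEGED_GROUPS = {"db-admins", "domain-admins"}


def reconcile(hr=HR_ROSTER, directory=DIRECTORY_GROUPS, entitlements=ROLE_ENTITLEMENTS):
    """Return (finding_type, user, detail) tuples for every discrepancy."""
    findings = []
    for user, groups in directory.items():
        record = hr.get(user)
        if record is None:
            # Account with no owner in HR: no HR event will ever trigger its removal
            findings.append(("orphan_account", user, sorted(groups)))
            continue
        status, role = record
        if status != "active":
            # Leaver whose access survived the HR change
            findings.append(("leaver_still_provisioned", user, sorted(groups)))
            continue
        excess = groups - entitlements.get(role, set())
        for group in sorted(excess):
            kind = "excess_privileged_group" if group in PRIVILEGED_GROUPS else "excess_group"
            findings.append((kind, user, group))
    return findings


def privileged_findings(findings):
    """Subset worth acting on immediately: a privileged group held outside the
    role's entitlement, or an orphan/leaver account that still holds one."""
    urgent = []
    for kind, user, detail in findings:
        if kind == "excess_privileged_group":
            urgent.append((kind, user, detail))
        elif kind in ("orphan_account", "leaver_still_provisioned") and PRIVILEGED_GROUPS & set(detail):
            urgent.append((kind, user, detail))
    return urgent


if __name__ == "__main__":
    for finding in reconcile():
        print(finding)
```

Running this on every HR change, rather than as a periodic review, is what turns "links to HR updates" into an enforced control: a mover's old groups and a leaver's account show up as findings on the day the HR record changes.
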
Unfortunately, all organizations are vulnerable to network breaches, and no one can afford the potential cost of these incidents. Therefore it is imperative for companies to implement the most effective policies, procedures and practices to ensure the greatest protection of their networks while preparing for the possibility of an attack. When added to the best practices outlined in Part 1, these six tactics will help organizations prevent and/or recover from the omnipresent and ever-evolving threat of cybercrime.