It’s good to have a baseball bat...

Andrew Smith – Chief Information Security Officer – Kyocera Document Solutions UK

Ok, let me level with you, if I had a baseball bat I am not sure I would have the courage to use it should a thief enter my home. Neither do I advise this is the correct course of action in such a scenario.

The point I am making rather, is the importance of Cyber Hygiene.

I would not leave my front and back door open and be surprised when someone enters to have a look around and take what they want. 

Do you have a blind spot?

I see customers regularly spending huge amounts of money on the latest tools that produce thousands of alerts – which they only look at when they have time during the day because they do not have a managed service – yet they fail to address the fundamental hygiene items in their environment.

Even where I see customers with hygiene activity. I often see blind spots due to the lack of framework best practices or a structured programme across their hygiene efforts. Of course time plays a big part and many IT professionals in SMBs have had “Cyber” tagged on to the day job, but the point remains whether it is time or lack of structure, do you have a blind spot?

I am a strong believer in doing everything possible to stop the thief firstly seeing me as a target, but secondly from walking straight in through an unlocked door.

The NIST framework provides strong guidance and structure to activities relating to a company’s overall cyber security and risk position.

We advise customers to adopt a strong hygiene programme to prevent as well as being ready to react and cure.

With this in mind:

• Patching – are you really patching EVERYTHING and how are you doing it? Are you patching operating systems AND third party applications? Are you getting urgent patches on quickly, are you rebooting endpoints to ensure patches are applied? What about network devices, switches, printers and IoT devices?
• Identities – do you have a strict password policy that’s applied to all users? Do you have account lock-outs configured? Do you have conditional access policies including geofencing for known safe locations? Do you limit privilege accounts and separate them from normal accounts?
• Multi-factor authentication – do you have this turned on for ALL users, without exception, including shared accounts (if you have to have them).
• Firewalls – endpoints are no longer behind the corporate firewall all the time, do you have firewalls turned on for endpoints and are you restricting inbound and outbound traffic?.
• Applications – do you restrict what can be installed and have you removed local administrative access?
• Removable Media – do you restrict access to removable media, including USB sticks.Connectivity – do you restrict web activity of known malicious sites? Do you remove internet access from privilege accounts and high-risk servers?
• Hardening – have you completed Active Directory hardening? Have you plugged the known issues that protect your key authentication database from being compromised? Have you hardened your servers?

I am not suggesting this as an exhaustive list, of course we could all build a moat around our houses, but it certainly provides the foundational hygiene items. Build time for the checks, balances and controls to ensure items are actually being done. Once it becomes routine, beware – it is often when items get missed. 

Of course, there are approaches to detect and react when/if an attacker gets in – perhaps I will write another entry on ‘They got in, how did I know and what do I do’ – but here I focus on the hygiene items that prevent them trying and if they do try, making it as difficult as possible for them to enter.

So do not delay, focus on your hygiene and make sure they look to the next house instead of yours!