ARTICLES

Role for the IT Lead

The top tasks for the IT lead and staff include the following:

1. Ensure MFA is mandated using technical controls, not faith. Some organizations have instructed their users to enroll in MFA, but not all users complete that task. There are often MFA gaps for recently onboarded staff and for people who have migrated to a new phone. You’ll need to regularly look for non-compliant accounts and remediate. Verify, verify, verify MFA stats.
2. Enable MFA for all system administrator accounts. System administrators are valuable targets for attackers. You might assume that they would reflexively enroll in MFA. Yet Microsoft reports that only 30% of Azure Active Directory global administrators use MFA. In many compromises, attackers were able to get a foothold on the system administrator’s account, and from there they had complete access to all the company’s assets.
3. Patch. Many attacks succeed because the victims were running vulnerable software when a newer, safer, version was available. Keeping your systems patched is one of the most cost-effective practices to improve your security posture. Be sure to monitor CISA’s Known Exploited Vulnerabilities (KEV) Catalog, a list of the vulnerabilities we see attackers using in real attacks. Prioritize the vulnerabilities in the KEV. Also, where possible enable auto update mechanisms.
4. Perform and test backups. Many organizations who have fallen victim to ransomware either had no backups or had incomplete/damaged backups. It’s not enough to schedule all important systems to have a regular backup. It’s critical to regularly test partial and full restores. You’ll have to pick a cadence for the backups (continuous, hourly, weekly, etc.). You’ll also want to write a plan for the restoration. Some organizations experiencing ransomware attacks found that the time to restore their data was significantly longer than expected, impacting their business.
5. Remove administrator privileges from user laptops. A common attack vector is to trick users into running malicious software. The attacker’s job is made easy when users have administrator privileges. A user who lacks administrator privileges cannot install software, and this type of attack won’t work.
6. Enable disk encryption for laptops. Modern smartphones encrypt their local storage, as do Chromebooks. Windows and Mac laptops, however, must be configured to encrypt their drives. Given how many laptops are lost or stolen each year, it’s important to ensure that your laptop fleet is protected.

There are, of course, many other IT tasks that add to a good security program. While this list is not exhaustive it does contain the top actions you can take that addresses the most common attacks. 

Achieving the Highest Security Posture

When security experts give cybersecurity advice, they usually assume you are only willing to make small changes to your IT infrastructure. But what would you do if you could reshape your IT infrastructure? Some organizations have made more aggressive changes to their IT systems in order to reduce their “attack surface.” In some cases, they have been able to all but eliminate (YES, WE SAID ELIMINATE!) the possibility of falling victim to phishing attacks. Sound interesting? Keep reading!

On premises vs cloud

One major improvement you can make is to eliminate all services that are hosted in your offices. We call these services “on premises” or “on-prem” services. Examples of on-prem services are mail and file storage in your office space. These systems require a great deal of skill to secure. They also require time to patch, to monitor, and to respond to potential security events. Few small businesses have the time and expertise to keep them secure.

While it’s not possible to categorically state that “the cloud is more secure,” we have seen repeatedly that organizations of all sizes cannot continuously handle the security and time commitments of running on-prem mail and file storage services. The solution is to migrate those services to secure cloud versions, such as Google Workspace or Microsoft 365 for enterprise email. These services are built and maintained using world-class engineering and security talent at an attractive price point. We urge all businesses with on-prem systems to migrate to secure cloud-based alternatives as soon as possible.

Secure endpoints

While all operating system vendors work to continuously improve the security of their products, two stand out as being “secure by design,” specifically, Chromebooks and iOS devices like iPads.

Some organizations have migrated some or all their staff to use Chromebooks and iPads. As a result, they have removed a great deal of “attack surface,” which in turn makes it much harder for attackers to get a foothold. Even if an attacker were able to find a foothold on those systems as part of a ransomware attack, the data primarily lives in a secure cloud service, reducing the severity of the attack.