Page 37 - Cyber Defense eMagazine - December 2017
7. Make Sure You Have a Documented Desktop Configuration Policy
Make sure you’ve got a good security policy for dealing with access to your common
desktop. Is the user allowed to do anything they like? Or is it cut down? Do you have a
VPN access policy, and what is it? What is your policy for identity and authentication?
There’s a whole world of things that you could do—far too many to mention here.
However, if you don’t document the policy as a starting point, you will almost certainly
have vulnerabilities.
8. Use Multi-Factor Authentication
Definitely consider multi-factor authentication (MFA). MFA is very practical now, with
fingerprints, facial scans, etc. Biometrics really has changed the game, though other
forms of secondary authentication are fine. The main thing is not to rely exclusively on
usernames and passwords anymore.
9. Have an Incident Response Plan in Place
Your company should have a set of procedures in place for the “what if” scenario. This
way, you are prepared if you get hit with malware, if there’s a disaster, or if there’s some
kind of data breach. If you have a plan already, “you don’t run around like a headless
chicken,” as Andy puts it. You need to flip over to “Okay, right, there’s a procedure for
that; let’s deal with it.”
Remember that you might need to restore data. When talking about security, we often
talk about computer security. For a company, however, the topic of information security
looms large. A company needs to be prepared to bring back data if and when an
incident occurs.
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.