Page 151 - Cyber Defense eMagazine January 2023
revoking all login access as soon as the worker leaves, informing all colleagues and
shareholders of the departure, and monitoring the systems the employee had access to for a
period of time after they leave.
Having enough people for a powerful cloud security strategy doesn’t mean you must appoint high-cost,
permanent employees. Managed information security services can extend your operation by providing
the support you need around the clock, at a fraction of the price of a full-time security professional.
Q #4: What are some security best practices to adopt in our organization?
Some organizations choose to be very flexible with security and only do the bare minimum needed to
comply with the different frameworks. More security-conscious organizations often go above and beyond
and implement advanced security controls.
For example, I once worked with a client who forced all employees to register their phones and computers
in MDM before they could access any company resources. This wasn't a compliance requirement but a
choice the organization made to improve its security posture.
Basic best practice options every business should adopt include:
▪ Conduct regular risk assessments across all systems. Things change. Software gets
updated, bad actors find new ways to target organizations, and your data becomes more valuable
to attackers and easier to access. Companies should assess their risk levels at least annually,
if not more often, and whenever they make any significant systems or business changes that
could leave them vulnerable, such as migrating to the cloud or appointing a new supplier
with access to their systems.
▪ Implement measures to reduce risk. Once you know what factors threaten your SaaS
organization, you can implement reasonable security controls to mitigate these risks. Train your
staff in security awareness. Apply penalties for violation of security rules. Screen new hires and
provision user rights to allow access to essential services only.
▪ Apply password controls and virus protections. Develop comprehensive password policies
and enforce the use of multi-factor authentication. Make sure your firewall is correctly configured,
and encrypt your data in transit using a VPN. Install robust virus and malware protection and securely
dispose of old and discarded equipment.
▪ Inventory all data, equipment, and processes. Protecting your data depends on knowing what
you have and where it is. Many data breaches involve leaks of confidential information that was
inadvertently stored in email, on lost laptops, or on backup tapes. Identify and catalog all your
customer and employee records, store payment information separately and securely, and ensure
all your equipment protections are up to date and working well.
▪ Build cybersecurity into your operational processes. IT systems can be vulnerable if they
aren’t properly maintained. Harden your network by removing or changing default credentials
(e.g., passwords such as 1234567 and user names like “admin” or “info”). Apply critical security
patches promptly and monitor systems for deviations from expected norms.
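As an added example (not code from the article or its author), the offboarding step at the top of the page and several items in the list above expressed as a periodic access-review script; the account inventory, HR departure list, default-username and weak-password lists are constructed sample data, and the 90-day dormancy threshold is an assumption:

```python
"""Added example: periodic access review covering offboarding revocation, MFA
enforcement, default usernames, password policy and dormant accounts."""
from dataclasses import dataclass
from datetime import date
DEFAULT_USERNAMES = {"admin", "info", "root", "guest"}  # constructed list
WEAK_PASSWORDS = {"1234567", "password", "admin", "welcome1"}  # constructed
DORMANT_DAYS = 90  # assumed threshold for an unused account

@dataclass
class Account:
    username: str
    owner: str  # employee or team the account belongs to
    mfa_enabled: bool
    last_login: date
    active: bool = True

def password_meets_policy(candidate, min_length=12):
    """Provisioning-time check: reject short or known-weak passwords."""
    return len(candidate) >= min_length and candidate.lower() not in WEAK_PASSWORDS

def audit_accounts(accounts, departed, today):
    """Return sorted (username, finding) pairs for every control violation."""
    findings = []
    for a in accounts:
        if not a.active:
            continue  # disabled accounts are not a live risk
        if a.username.lower() in DEFAULT_USERNAMES:
            findings.append((a.username, "default username still active"))
        if not a.mfa_enabled:
            findings.append((a.username, "MFA not enforced"))
        if a.owner in departed:
            findings.append((a.username, "owner departed but access not revoked"))
        if (today - a.last_login).days > DORMANT_DAYS:
            findings.append((a.username, "dormant account"))
    return sorted(findings)

# Constructed sample inventory and HR departure list (not real accounts).
SAMPLE_ACCOUNTS = [
    Account("jdoe", "Jane Doe", mfa_enabled=True, last_login=date(2023, 1, 10)),
    Account("admin", "IT shared", mfa_enabled=False, last_login=date(2022, 6, 1)),
    Account("bsmith", "Bob Smith", mfa_enabled=True, last_login=date(2023, 1, 5)),
    Account("old_svc", "Legacy app", mfa_enabled=False, last_login=date(2022, 9, 1), active=False),
]
DEPARTED = {"Bob Smith"}  # HR offboarding list; this access should already be revoked

def run_sample(today=date(2023, 1, 15)):
    return audit_accounts(SAMPLE_ACCOUNTS, DEPARTED, today)
```

Running `run_sample()` flags the shared "admin" account three times (default name, no MFA, dormant) and Bob Smith's still-active account once, while the disabled service account is skipped.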
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.